[RELEASE] Kafka Connect ScyllaDB Sink Connector v1.1.6

nikagra · June 19, 2026, 11:51am

Hi everyone,

We’re happy to announce the release of Kafka Connect ScyllaDB Sink Connector v1.1.6.
This is a patch release focused on security remediations.

What’s Changed

CVE-2026-44249 (Netty, CVSS 8.1): IpSubnetFilterRule.compareTo() performs an incorrect masking operation, allowing attackers to bypass IPv6 subnet ACL rules with crafted addresses.Fixed by overriding netty to 4.1.135.Final (#185).
CVE-2026-45416 (Netty, CVSS 7.5): SslClientHelloHandler.decode() allocates up to 16 MiB of unpooled memory per TLS ClientHello when using SniHandler defaults, allowing a peer to trigger memory exhaustion (DoS) with a crafted handshake. Fixed by overriding netty to 4.1.135.Final (#185).
Guava updated to 33.6.0-jre (#170)

Who should upgrade

This release is recommended for all users, particularly those whose connectors are reachable from untrusted network peers or use TLS with SNI routing.

Links

Full Changelog: Comparing 1.1.5…1.1.6
GitHub Release: Release 1.1.6

As always, feel free to report any issues on GitHub.

Topic		Replies	Views
[RELEASE] Kafka Connect ScyllaDB Sink Connector v1.1.5 Release Notes release , open-source , kafka	0	43	May 26, 2026
[RELEASE] Scylla CDC Source Connector v2.0.3 Release Notes release , open-source , cdc , kafka	0	12	June 21, 2026
Nesuss 143421 Vulnerability Database Community security	3	377	January 3, 2024
[RELEASE] ScyllaDB Java Driver 4.19.2.0 Release Notes release , drivers , java-driver	0	10	June 25, 2026
Unable to config kafka-scylla-sink connector(Kafka topic to Scylla Table) ScyllaDB error-message , kafka , configuration	1	152	December 22, 2024

[RELEASE] Kafka Connect ScyllaDB Sink Connector v1.1.6

What’s Changed

Who should upgrade

Links

Related topics