This page lists security fixes that the Kyuubi PMC felt warranted a CVE. If you think something is missing from this list or if you think the set of impacted or fixed versions is incomplete then please ask on security@apache.org.
CVEs are presented in most-recent-first order of announcement.
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config
kyuubi.session.local.dir.allow.list and use local files which are not listed in the config.