Advisories for Maven/Org.apache.polaris/Polaris-Runtime-Service package

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation becomes attacker-directed because the attacker can choose a reachable target location. In the confirmed variant, if the caller supplies a custom location during stage create and requests …

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a Polaris-managed catalog, changing only that property through an ALTER TABLE-style settings change (not a row-level INSERT, SELECT, UPDATE, or DELETE) bypasses the …