News KrakenD CE and EE 2.10.1 (bugfixing) released

Return to blog's homepage

Blog categories

Product UpdatesSecurity

2 min read

KrakenD CE and EE 2.10.1 (bugfixing) released

by Albert Lombarte

This minor release of KrakenD - Community Edition and Enterprise Edition - is a security fix and introduces small bug resolution in the Enterprise version.

Both CE and EE now run on Go 1.24.4, which includes patches for security vulnerabilities included in the language.

🚀 Summary of changes for EEv2.10.1 (patch)

Minor fixes on weighted quotas and middleware plugins

  • The no-op encoding for Enterprise is now compatible with streaming.
  • Allow the direct WebSockets connection to forward query strings.
  • Allow non json.Number fields in the weight_key to be used as weights.
  • Check plugin middleware factories returning nil handlers, to not cause a panic.
  • Upgraded Go to 1.24.4 fixing CVE-2025-4673 and CVE-2025-22874.
  • Upgraded Client Credentials to remove false positive CVE-2025-22868. This functionality is not present on KrakenD.

Upgrading to the latest version is always advised.

🚀 Summary of changes for CEv2.10.1 (patch)

Minor fixes on weighted quotas and middleware plugins

  • OTEL client.address now honors the router trusted_proxies setting
  • Removed the log line Parsing configuration file: krakend.json before registering the logging component.
  • Expanded the functions headers() and params() in Lua to work without arguments and return a luaTable.
  • Upgraded Go to 1.24.4 fixing CVE-2025-4673 and CVE-2025-22874.
  • Upgraded Client Credentials to remove false positive CVE-2025-22868. This functionality is not present on KrakenD.

Upgrading to the latest version is always advised.

Categories: Product UpdatesSecurity

Stay up to date with KrakenD releases and important updates