KrakenD CE and EE 2.10.1 (bugfixing) released
by Albert Lombarte
This minor release of KrakenD - Community Edition and Enterprise Edition - is a security fix and introduces small bug resolution in the Enterprise version.
Both CE and EE now run on Go 1.24.4, which includes patches for security vulnerabilities included in the language.
🚀 Summary of changes for EEv2.10.1 (patch)
Minor fixes on weighted quotas and middleware plugins
-
The
no-opencoding for Enterprise is now compatible with streaming. - Allow the direct WebSockets connection to forward query strings.
-
Allow non json.Number fields in the
weight_keyto be used as weights. - Check plugin middleware factories returning nil handlers, to not cause a panic.
- Upgraded Go to 1.24.4 fixing CVE-2025-4673 and CVE-2025-22874.
- Upgraded Client Credentials to remove false positive CVE-2025-22868. This functionality is not present on KrakenD.
Upgrading to the latest version is always advised.
🚀 Summary of changes for CEv2.10.1 (patch)
Minor fixes on weighted quotas and middleware plugins
-
OTEL
client.addressnow honors the routertrusted_proxiessetting -
Removed the log line
Parsing configuration file: krakend.jsonbefore registering the logging component. -
Expanded the functions
headers()andparams()in Lua to work without arguments and return aluaTable. - Upgraded Go to 1.24.4 fixing CVE-2025-4673 and CVE-2025-22874.
- Upgraded Client Credentials to remove false positive CVE-2025-22868. This functionality is not present on KrakenD.
Upgrading to the latest version is always advised.
Categories:
Product UpdatesSecurity