KrakenD EE 2.12.1 update released
by Albert Lombarte
This update of KrakenD Enterprise Edition is a minor security patch to remove false positives in security scanners. The release addresses two security advisories: CVE-2025-58181 and CVE-2025-47914 (false positives). It’s important to note that these CVEs reference vulnerabilities primarily targeting SSH functionality, which KrakenD does not include, so previous versions of KrakenD are unaffected even without updating.
This release also adds support for registering IPv6 members on the Revoke Server, makes the parser accept .yaml extensions in addition to .yml, and makes the skip_headers option in OpenTelemetry (OTEL) case insensitive.
🚀 Summary of changes for EEv2.12.1 (patch)
- Patched false positives related to the Go crypto package
- Allow registration of IPv6 members on the Revoke Server
- Make the skip_headers option in OTEL case insensitive
- Accept .yaml extensions in addition to .yml in the new configuration parser
- Upgraded Go to 1.25.4 addressing minor fixes
- Upgraded the golang.org/x/crypto package to address CVE-2025-58181 and CVE-2025-47914 (false positives)
Upgrading to the latest version is always advised.