KrakenD CE 2.13.2 update released

by Jorge Tarrero

This minor release of KrakenD Community Edition is a security fix that brings in all patches from Go 1.25.8 and the telemetry/opentelemetry package.

It also fixes a bug that caused router panics when disabled_redirect_fixed_path is not enabled and a request path doesn’t match any registered route.

🚀 Summary of changes for CEv2.13.2 (patch)

Recommended security upgrade addressing several vulnerabilities

  • Fixed router panic (invalid node type) that occurs when disabled_redirect_fixed_path is not enabled and a request path doesn’t match any registered route.
  • Upgraded Go to 1.25.8 addressing several CVEs with disclosed descriptions:
    • CVE-2026-27142 html/template: URLs in meta content attribute actions are not escaped (false positive)
    • CVE-2026-25679 net/url: reject IPv6 literal not at start of host
    • CVE-2026-27139 os: FileInfo can escape from a Root

  • Upgraded telemetry/opentelemetry component to address CVE-2026-24051
  • OpenCensus no longer instruments PubSub or JOSE secrets management.

Upgrading to the latest version is always advised.
