KrakenD CE 2.13.8 and EE 2.13.6 update released
by Jorge Tarrero
This patch release of KrakenD Community Edition and Enterprise Edition upgrades Go to 1.25.12 to address several disclosed CVEs. Check our security advisories page for more details:
In addition, KrakenD Enterprise Edition 2.13.6 fixes the OpenAPI import so it keeps path parameter descriptions and other metadata that were previously lost.
🚀 Summary of changes for EEv2.13.6 (patch)
Recommended security upgrade addressing several vulnerabilities by the Go team
- OpenAPI import now properly generates KrakenD path parameters
- Upgraded Go to 1.25.12, addressing several CVEs with disclosed descriptions:
- CVE-2026-39822
os: Root escape via symlink plus trailing slash - CVE-2026-42505
crypto/tls: Encrypted Client Hello privacy leak
- CVE-2026-39822
Upgrading to the latest version is always advised.
🚀 Summary of changes for CEv2.13.8 (patch)
Recommended security upgrade addressing several vulnerabilities by the Go team
- Upgraded Go to 1.25.12, addressing several CVEs with disclosed descriptions:
- CVE-2026-39822
os: Root escape via symlink plus trailing slash - CVE-2026-42505
crypto/tls: Encrypted Client Hello privacy leak
- CVE-2026-39822
Upgrading to the latest version is always advised.