
KrakenD CE 2.4.2 and EE 2.3.3 security fixes

by Albert Lombarte

Jul 7, 2023


New patch versions, KrakenD Enterprise 2.3.3 and KrakenD Community 2.4.2, are available on the download page and the Docker registry. Upgrading from any 2.x is backward compatible.

The following security fixes do not seem to have any impact on KrakenD after all the tests performed, but a patch is offered as a cautionary measure.

🚀 Summary of changes for CE v2.4

We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, which relates to the HTTP/1 client’s Host header validation, does not impact most users thanks to our zero-trust security, but may affect those using the non-recommended input_headers: ["*"] policy.

Upgrading to the latest version is always advised.
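
To check whether a configuration uses the wildcard policy mentioned above, the following added example (not KrakenD's own code) lists the endpoints whose input_headers contains "*". The sample configuration, its hosts and paths, and the function name are constructed for illustration, and it assumes a single JSON configuration file with a top-level endpoints array.

```python
import json
import sys

# Constructed sample configuration (not from the KrakenD page);
# hosts and paths are placeholders.
SAMPLE_CONFIG = """
{
  "version": 3,
  "endpoints": [
    {"endpoint": "/orders", "method": "GET",
     "input_headers": ["Authorization", "Content-Type"],
     "backend": [{"host": ["http://orders.internal.example"], "url_pattern": "/orders"}]},
    {"endpoint": "/legacy/{id}", "method": "POST",
     "input_headers": ["*"],
     "backend": [{"host": ["http://legacy.internal.example"], "url_pattern": "/{id}"}]},
    {"endpoint": "/health",
     "backend": [{"host": ["http://health.internal.example"], "url_pattern": "/health"}]}
  ]
}
"""


def find_wildcard_header_endpoints(config_text):
    """Return (method, endpoint) pairs whose input_headers contains "*"."""
    config = json.loads(config_text)
    findings = []
    for ep in config.get("endpoints") or []:
        # A missing input_headers key means no client headers are forwarded.
        headers = ep.get("input_headers") or []
        if isinstance(headers, str):  # tolerate a bare string instead of a list
            headers = [headers]
        if any(str(h).strip() == "*" for h in headers):
            # KrakenD endpoints default to GET when no method is declared.
            findings.append((ep.get("method", "GET"), ep.get("endpoint", "<unnamed>")))
    return findings


if __name__ == "__main__":
    # Pass a configuration path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONFIG
    for method, path in find_wildcard_header_endpoints(text):
        print(f'{method} {path}: forwards all client headers (input_headers: ["*"])')
```

Endpoints reported here are the ones to prioritize when upgrading, or to switch to an explicit list of forwarded headers.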
