News KrakenD EE 2.12.4 update released

Open Source
Enterprise
AI Gateway
Solutions & Case Studies
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
We have implemented KrakenD and I must say that I am very impressed how easy the installation and configuration process has been. The documentation is one of the best I have ever seen.
Märt Suga
Software Architect, Single.Earth
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Docs
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Partners & Resellers
Blog
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
Compare Open Source VS Enterprise
Contact Sales Watch a demo

Open Source
Enterprise
AI Gateway
Case studies
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO / Smart Tribune

Return to blog's homepage

Blog categories

Recent entries

Product Updates Security Feb 5, 2026

1 min read

KrakenD EE 2.12.4 update released

by Jorge Tarrero

The release of KrakenD Enterprise 2.12.4 upgrades the Go runtime to version 1.25.7, directly addressing two CVEs discovered in Go’s internals

🚀 Summary of changes for EEv2.12.4 (patch)

Recommended security upgrade addressing several vulnerabilities (by the Go team)

Upgraded Go to 1.25.7 addressing several CVEs with disclosed descriptions:
- CVE-2025-61732 A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary
- CVE-2025-68121 Config.GetConfigForClient is documented to use the original Config’s session ticket keys unless explicitly overridden. This can cause unexpected behavior if the returned Config modifies authentication parameters

Upgrading to the latest version is always advised.

Categories: Product Updates Security

Stay up to date with KrakenD releases and important updates