
KrakenD EE 2.12.5 update released

by Jorge Tarrero

This release of KrakenD Enterprise Edition brings an upgrade to the Circuit Breaker component, addressing CVE-2026-3206. Additionally, the audit command contains new rules with new deprecation warnings.

Circuit Breaker Upgrade

The headline fix is an upgrade to KrakenD’s Circuit Breaker component, which now patches CVE-2026-3206. This vulnerability could lead to uncontrolled context cancellations, a class of bug that can cascade through your system under load, causing unexpected request failures and degraded service availability.

If you’re using the Circuit Breaker, we recommend that you upgrade. The fix ensures that the context lifecycle is managed correctly, even under heavy traffic or during backend degradation.

🚀 Summary of changes for EEv2.12.5 (patch)

Recommended upgrade of the Circuit Breaker component

  • The audit command has new deprecation rules.
  • Fixed a bug in auth/validator that could lead to slow startup times in services with a large number (thousands) of endpoints.
  • The runtime context is now properly propagated in client plugins, allowing it to be used for service shutdown, among other purposes.
  • Upgraded Circuit Breaker component addressing CVE-2026-3206.

Upgrading to the latest version is always advised.
