Case Study How Showpo Rebuilt Its API Layer for a Global Headless Migration

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
KrakenD allowed us to focus on our backend and deploy a secure and performant system in a few days. After more than 2 years of use in production and 0 crash or malfunction, it also has proven its robustness
Jonathan Muller
CTO, Openroom Inc.
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO, Smart Tribune
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO / Smart Tribune

CVE-2025-4674 High · CVSS 8.6 False Positive

cmd/go: Unexpected Command Execution via Untrusted VCS Repository Metadata

This CVE does not affect KrakenD

The vulnerability affects the go build command when processing VCS repositories with mixed version control metadata. KrakenD never runs the Go toolchain at runtime — cmd/go is a build-time tool only. A running KrakenD deployment cannot trigger this code path.

Addressed through routine dependency maintenance in CE 2.10.2 and EE 2.10.3.

Component

Go toolchain (cmd/go)

Disclosed

Jul 9, 2025

CVSS Score

8.6

Description

The go command may execute unexpected commands when operating on repositories that contain metadata for multiple version control systems — for example, a Git repository that also contains Mercurial configuration. An attacker who can influence the repository contents during a build could trigger execution of arbitrary VCS commands. Modules retrieved via standard go get are not affected. KrakenD never invokes the Go toolchain at runtime, so a running deployment cannot be exploited through this vulnerability.

References

View CVE-2025-4674 on NVD

Stay up to date with KrakenD releases and important updates