
KrakenD Enterprise 2.1.2 (security fix) released

by Albert Lombarte

Jan 23, 2023

1 min read

The new KrakenD Enterprise version 2.1.2 is already available for install or upgrade. This patch version does not bring significant new functionality but updates dependencies that have security vulnerabilities and adds a few fixes:

- [security]: Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages amongst others.
- [fix]: Caching backends with gzipped content wasn’t working properly.
- [fix]: Upgraded the gin router to avoid panics on certain 404 paths.

Continue reading →

KrakenD 2.1.4 (security fix) released

by Albert Lombarte

Jan 12, 2023

1 min read

The new KrakenD version 2.1.4 is now available. This patch version does not bring significant new functionality but updates dependencies that have security vulnerabilities and adds a few fixes:

- [security]: Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages amongst others.
- [fix]: Caching backends with gzipped content wasn’t working properly.
- [fix]: Upgraded the gin router to avoid panics on certain 404 paths.

Continue reading →

KrakenD becomes a CNA (CVE Numbering Authority)

by Albert Lombarte

Oct 25, 2022

1 min read

The Spanish National Cybersecurity Institute (INCIBE) announces today the addition of KrakenD as a CNA (CVE Numbering Authority). From this date, KrakenD adopts the best practices of this program as its own. KrakenD is now authorized by the CVE Program to assign CVE identifiers within its scope and to handle their corresponding publication in the CNA section. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

Continue reading →

CVE-2022-1561: Crafted backend URLs

by Daniel López

Jun 21, 2022

1 min read

There is a new vulnerability in the Lura Project software (which is KrakenD’s engine). We corrected the problem immediately, in the release that followed its report. Please upgrade to the latest version.

Continue reading →

KrakenD unaffected by Log4j

by Albert Lombarte

Jan 6, 2022

2 min read

The year 2021 ended with terrible news for Java developers, who saw how the Log4j vulnerabilities exposed their systems. KrakenD is a Go application and not a Java application. Therefore, it is not affected by this vulnerability in any way. As a result, we didn’t want to add more noise to the chain of emails you have probably received. Nevertheless, during the past month, we had questions from customers who have Java systems behind KrakenD that could be vulnerable and from other users who weren’t sure whether KrakenD was impacted or not.

Continue reading →
