The new KrakenD Enterprise version 2.1.2 is already available for install or upgrade. This patch version does not bring significant new functionality but updates dependencies that have security vulnerabilities and adds a few fixes: [security]: Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages amongst others. [fix]: Caching backends with gzipped content wasn’t working properly [fix]: Upgraded the gin router to avoid panics on certain 404 paths.

Continue reading →

The new KrakenD version 2.1.4 is now available. This patch version does not bring significant new functionality but updates dependencies that have security vulnerabilities and adds a few fixes: [security]: Upgrade from Go 1.19.3 to Go 1.19.5, which includes security fixes to the net/http, crypto/x509, and os packages amongst others. [fix]: Caching backends with gzipped content wasn’t working properly [fix]: Upgraded the gin router to avoid panics on certain 404 paths.

Continue reading →

The Spanish National Cybersecurity Institute (INCIBE) announces today the addition of KrakenD as a CNA (CVE Numbering Authority). KrakenD assumes as its own, from this date, the best practices of this program. KrakenD is now authorized by the CVE Program to assign CVE identifiers within its scope and its corresponding publication in the CNA section. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

Continue reading →

There is a new vulnerability in the Lura Project software (which is the KrakenD’s engine). We have immediately corrected the problem in the subsequent release after its report. Please upgrade to the latest version.

Continue reading →

The year 2021 ended with terrible news for Java developers who saw how the Log4J vulnerabilities exposed their systems. KrakenD is a Go application and not a Java application. Therefore, it is not affected by this vulnerability in any way. As a result, we didn’t want to add more noise to the chain of emails you could have probably received. Nevertheless, during the past month, we had questions from customers who have Java systems behind KrakenD that could be vulnerable and other users that weren’t sure if KrakenD was impacted or not.

Continue reading →