There is a new vulnerability in the Lura Project software (which is the KrakenD’s engine). We have immediately corrected the problem in the subsequent release after its report. Please upgrade to the latest version.
The year 2021 ended with terrible news for Java developers who saw how the Log4J vulnerabilities exposed their systems. KrakenD is a Go application and not a Java application. Therefore, it is not affected by this vulnerability in any way. As a result, we didn’t want to add more noise to the chain of emails you could have probably received. Nevertheless, during the past month, we had questions from customers who have Java systems behind KrakenD that could be vulnerable and other users that weren’t sure if KrakenD was impacted or not.
We use cookies to understand how you use our site and to improve your overall experience. By continuing to use our site, you accept our Privacy Policy. More information