
KrakenD CE 2.4.2 and EE 2.3.3 security fixes

by Albert Lombarte

New patch versions, KrakenD Enterprise 2.3.3 and KrakenD Community 2.4.2, are available on the download page and the Docker registry. Upgrading from any 2.x is backward compatible.

After all the tests performed, the following security fixes do not seem to have any impact on KrakenD, but a patch is offered as a cautionary measure.

🚀 Summary of changes for CE v2.4

We have updated our internal libraries to rectify security issues identified in scans. While these issues do not affect KrakenD’s operations, the updated version provides clean container scans. Notably, CVE-2023-29406, related to HTTP/1 client’s Host header validation, does not impact most users due to our zero-trust security, but may affect those utilizing the non-recommended input_headers: ["*"] policy.

Upgrading to the latest version is always advised.
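A configuration audit for the input_headers: ["*"] policy mentioned above, as an added example that is not KrakenD's own code: it parses a JSON KrakenD configuration and classifies each endpoint by how it forwards client headers. The sample configuration, host names and function names are constructed for illustration.

```python
import json

# Constructed sample configuration (not from the KrakenD page): one endpoint
# forwards every client header, one uses an explicit allow-list, and one omits
# input_headers, so no client headers are forwarded to its backend.
SAMPLE_CONFIG = """
{
  "version": 3,
  "endpoints": [
    {"endpoint": "/legacy/{id}", "method": "GET", "input_headers": ["*"],
     "backend": [{"url_pattern": "/legacy/{id}", "host": ["http://legacy.internal.example"]}]},
    {"endpoint": "/orders", "method": "POST",
     "input_headers": ["Authorization", "Content-Type"],
     "backend": [{"url_pattern": "/orders", "host": ["http://orders.internal.example"]}]},
    {"endpoint": "/health",
     "backend": [{"url_pattern": "/health", "host": ["http://orders.internal.example"]}]}
  ]
}
"""


def classify_endpoints(config_text):
    """Map 'METHOD /path' to 'wildcard', 'allow-list' or 'none'."""
    result = {}
    for ep in json.loads(config_text).get("endpoints", []):
        # KrakenD endpoints default to GET when no method is declared.
        name = "{} {}".format(ep.get("method", "GET"), ep.get("endpoint", "<unnamed>"))
        headers = ep.get("input_headers") or []
        if "*" in headers:
            # Any "*" entry forwards all client headers, even next to named ones.
            result[name] = "wildcard"
        elif headers:
            result[name] = "allow-list"
        else:
            result[name] = "none"
    return result


def wildcard_endpoints(config_text):
    """Return the endpoints that need review: those using input_headers ["*"]."""
    return [n for n, kind in classify_endpoints(config_text).items() if kind == "wildcard"]


if __name__ == "__main__":
    for name, kind in classify_endpoints(SAMPLE_CONFIG).items():
        print("{:<20} {}".format(name, kind))
```

Run it against the configuration you deploy; endpoints reported as wildcard are the ones the advisory calls out, and replacing "*" with the specific header names the backend needs removes them from the list.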
