[RPKI] Routinator 0.10.2 ‘Skuffet, men ikke overrasket’ released
Martin Hoffmann
martin at nlnetlabs.nl
Tue Nov 9 15:53:50 UTC 2021
Hi!
We are pleased to announce the latest release of Routinator, version
0.10.2 ‘Skuffet, men ikke overrasket.’
This release is part of a Coordinated Vulnerability Disclosure for
vulnerabilities in RPKI relying party implementations conducted by
the University of Twente and the National Cyber Security Centre of the
Netherlands (NCSC-NL). It provides fixes for three issues,
CVE-2021-43172, CVE-2021-43173 and CVE-2021-43174, that allow malicious
RRDP repositories to either stall validation or cause Routinator to run
out of memory.
For more information on the issues, see the RPKI security advisories at
https://nlnetlabs.nl/projects/rpki/security-advisories
The full list of changes in this release is available in the release
notes at
https://github.com/NLnetLabs/routinator/releases/tag/v0.10.2
None of these fixes change Routinator's behaviour. All users are
encouraged to update to this version. Information about updating
can be found in the Routinator docs at
https://routinator.docs.nlnetlabs.nl/en/stable/installation.html#updating
Happy Routinating!
On behalf of the NLnet Labs RPKI Team,
Martin
More information about the RPKI
mailing list