[RPKI] Krill 0.13.2 and 0.14.5 released.
Martin Hoffmann
martin at nlnetlabs.nl
Thu Jun 27 15:21:38 UTC 2024
Hello!
We are pleased to announce two releases of Krill, versions 0.13.2
‘Be kind, rewind’ and 0.14.5 ‘Who dis? New Phone.’
These two releases fix an issue that causes Krill to panic if a CA with
multiple parents and children has one of its parents removed, causing
the children to try and revoke their certificates for that parent. This
is relevant for Krill instances under NIC.br that themselves have
children.
In addition, the releases update the HTTP library to avoid a possible
denial-of-service attack described in RUSTSEC-2024-0332. If you are
exposing Krill’s HTTP server directly to the Internet without a reverse
proxy such as Nginx in between, we advise to update at your earliest
convenience.
Version 0.14.5 in addition fixes an issue with encoding empty CRLs and
empty RRDP deltas as well as a possible freeze when trying to access the
RIS data while it is being downloaded. It also adds support for
overriding the manifest number for trust anchor CAs.
The complete list of changes can be found in the release notes at
https://github.com/NLnetLabs/krill/releases/tag/v0.13.2
and
https://github.com/NLnetLabs/krill/releases/tag/v0.14.5
On behalf of the NLnet Labs RPKI team,
Martin
More information about the RPKI
mailing list