[RPKI] Routinator 0.14.1 ‘Black Cats and Voodoo Dolls’ released
Martin Hoffmann
martin at nlnetlabs.nl
Wed Jan 22 16:29:44 UTC 2025
Hello!
We are pleased to announce the latest release of Routinator, version
0.14.1 ‘Black Cats and Voodoo Dolls.’
This release fixes a crash when the file names of a manifest’s file list
contain illegal characters. The issue has CVE-2025-0639
assigned. We would like to thank Haya Schulmann and Niklas Vogel of
Goethe University Frankfurt/ATHENE Center for notifying us about this
vulnerability.
In addition, the release improves the memory consumption of the new RRDP
storage introduced in version 0.14.0 which tended to grow rather large
over time. It should now end up with much less overhead. We will
continue to keep an eye on how it develops long term and do further
tweaks if necessary.
Further, standardisation of ASPA has progressed far enough in the IETF
that we feel comfortable to include it in Routinator. You still have to
explicitly set `enable-aspa: true` in your config file or use the
`--enable-aspa` command line option to actually enable it.
Back in version 0.10.2 we disabled GZIP support for the RRDP collector
as there were multiple issues with malicious GZIP files leading to
memory exhaustion. We have now implemented a number of counter-measures
that make us confident to re-enable support.
As always, there have been many smaller changes and improvements.
The full list of changes is available in the release notes
https://github.com/NLnetLabs/routinator/releases/tag/v0.14.1
On behalf of the NLnet Labs Routing Team,
Martin
More information about the RPKI
mailing list