Hi! We are pleased to announce the latest release of Routinator, version 0.10.2 ‘Skuffet, men ikke overrasket.’
This release is part of a Coordinated Vulnerability Disclosure for vulnerabilities in RPKI relying party implementations conducted by the University of Twente and the National Cyber Security Centre of the Netherlands (NCSC-NL). It provides fixes for three issues, CVE-2021-43172, CVE-2021-43173 and CVE-2021-43174, that allow malicious RRDP repositories to either stall validation or cause Routinator to run out of memory. For more information on the issues, see the RPKI security advisories at https://nlnetlabs.nl/projects/rpki/security-advisories The full list of changes in this release is available in the release notes at https://github.com/NLnetLabs/routinator/releases/tag/v0.10.2 None of these fixes change Routinator's behaviour. All users are encouraged to update to this version. Information about updating can be found in the Routinator docs at https://routinator.docs.nlnetlabs.nl/en/stable/installation.html#updating Happy Routinating! On behalf of the NLnet Labs RPKI Team, Martin -- RPKI mailing list [email protected] https://lists.nlnetlabs.nl/mailman/listinfo/rpki
