Krill 0.13.2 and 0.14.5 Released

Published: Thu 27 June 2024
Last updated: Wed 24 July 2024

We are pleased to announce the two releases of Krill, versions 0.13.2 ‘Be kind, rewind’ and 0.14.5 ‘Who dis? New Phone.’

Krill is a daemon for running delegated RPKI, featuring a Certificate Authority and a publication server that allows you to create and publish signed statements about routing intent.

These two releases fix an issue that causes Krill to panic if a CA with multiple parents and children has one of its parents removed, causing the children to try and revoke their certificates for that parent. This is relevant for Krill instances under NIC.br that themselves have children.

In addition, the releases update the HTTP library to avoid a possible denial-of-service attack described in RUSTSEC-2024-0332. If you are exposing Krill’s HTTP server directly to the Internet without a reverse proxy such as Nginx in between, we advise to update at your earliest convenience.

Version 0.14.5 in addition fixes an issue with encoding empty CRLs and empty RRDP deltas as well as a possible freeze when trying to access the RIS data while it is being downloaded. It also adds support for overriding the manifest number for trust anchor CAs.

The complete list of changes can be found in the release notes for 0.13.2 and 0.14.5.

Related links:

software update rpki