[knot-resolver-announce] Knot Resolver 2.4.1

Tomas Krizek tomas.krizek at nic.cz
Thu Aug 2 14:03:25 CEST 2018


Dear Knot Resolver users,

Knot Resolver 2.4.1 has been released.

Security
--------
- fix CVE-2018-10920: Improper input validation bug in DNS resolver
component
  (security!7, security!9)

Bugfixes
--------
- cache: fix TTL overflow in packet due to min_ttl (#388, security!8)
- TLS session resumption: avoid bad scheduling of rotation (#385)
- HTTP module: fix a regression in 2.4.0 which broke custom certs (!632)
- cache: NSEC3 negative cache even without NS record (#384)
  This fixes lower hit rate in NSEC3 zones (since 2.4.0).
- minor TCP and TLS fixes (!623, !624, !626)

Full changelog:
https://gitlab.labs.nic.cz/knot/knot-resolver/raw/v2.4.1/NEWS

Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-2.4.1.tar.xz

GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-2.4.1.tar.xz.asc

Documentation:
https://knot-resolver.readthedocs.io/en/v2.4.1/

-- 
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nic.cz/pipermail/knot-resolver-announce/attachments/20180802/3211ebc5/attachment.sig>


More information about the knot-resolver-announce mailing list