We are pleased to announce the latest release of Routinator, version 0.10.2 ‘Skuffet, men ikke overrasket.’
This release is part of a Coordinated Vulnerability Disclosure for vulnerabilities in RPKI relying party implementations conducted by the University of Twente and the National Cyber Security Centre of the Netherlands (NCSC-NL). It provides fixes for three issues, CVE-2021-43172, CVE-2021-43173 and CVE-2021-43174, that allow malicious RRDP repositories to either stall validation or cause Routinator to run out of memory.
None of these fixes change Routinator's behaviour. All users are encouraged to update to this version.