This release of 2.1.8 fixes a number of bugs related to the purging of keys, a potential denial of service vulnerability in some installations, and a few rare but nasty potential crashes. Earlier versions of OpenDNSSEC 2.1 might not have all keys purged from the HSM if instructed to do so. Since this is now done automatically this is worth pointing out that this was a bug and old keys will be permanently removed from the HSM.
Special thanks to the people who helped us make OpenDNSSEC better and better, they are as always mentioned in the NEWS file. Two of the bugs were only traceable with their help.
The 2.1.8 release is available immediately from the download site.
- OPENDNSSEC-954: Upgrade autoconf/automake configuration chain for version 2.69/1.16.2.
- SUPPORT-261: Fix to crash when using ods-enforcer set-policy command.
- OPENDNSSEC-953: Fix to crash in case zone file not present while getting a signconf update and state flush command. Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
- OPENDNSSEC-951: Modify the purging of keys, to make it automatic to purge keys from the HSM. Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
- OPENDNSSEC-950: Fix that caused crash when signer was offline for a prolonged period (but the enforcer wasn’t) in the middle of a ZSK roll.
- OPENDNSSEC-952: memory leak in when receiving NOTIFY for non-existent zone. Thanks to Sébastien Tisserant for reporting.
For OpenDNSSEC 2.1.8 download and additional information: