Routinator 0.10.2 ‘Skuffet, men ikke overrasket’ released

We are pleased to announce the latest release of Routinator, version 0.10.2 ‘Skuffet, men ikke overrasket.’

This release is part of a Coordinated Vulnerability Disclosure for vulnerabilities in RPKI relying party implementations conducted by the University of Twente and the National Cyber Security Centre of the Netherlands (NCSC-NL). It provides fixes for three issues, CVE-2021-43172, CVE-2021-43173 and CVE-2021-43174, that allow malicious RRDP repositories to either stall validation or cause Routinator to run out of memory.

For more information on the issues, see the RPKI security advisories.. The full list of changes in this release is available in the release notes..

None of these fixes change Routinator's behaviour. All users are encouraged to update to this version.