HomeGuidesChangelog
Changelog
Back to All
added

v2.5.0-stable Release

20 days ago by Dyah

This major release includes the latest emergency security patches, officially clearing "critical" vulnerabilities from the backlog.

Fixed

  • OpenSSL / libssl3 updated to 3.3.6.
    • Issues addressed: CVE-2025-15467
    • Outcome: This update removes a critical pre-Auth remote code execution risk and fixes a bug that could allow an attacker to crash or hijack the service without requiring any login credentials.
  • Go Standard Library (stdlib) updated to v1.25.6
    • Issues addressed: CVE-2025-61726 and CVE-2025-61731
    • Outcome: These fixes prevent memory exhaustion attacks in web forms and potential code execution during build processes.

Changed

  • Upgraded certificates from SHA1 to SHA256: Replaced the legacy SHA1-signed CA certificate with a new SHA256-signed certificate to provide stronger cryptographic protection. This ensures all newly generated client certificates now use the stronger hashing standard by default.

Added

  • The IP addresses below can also be allowlisted for v.2.5.0:
    • 35.202.174.138
    • 136.111.154.45