<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><pre style="text-wrap-mode: wrap;"><font face="Courier">Kea users:
Internet Systems Consortium is pleased to announce the release of Kea 2.4.2, 2.6.3 and 2.7.9. Please note that all three of these releases contain fixes addressing multiple security issues detailed in three CVEs published today. </font></pre><pre style="text-wrap-mode: wrap;"><ul style="white-space: normal; caret-color: rgb(98, 97, 104); margin: 0px 0px 1rem; padding: 0px;"><li style="margin-top: 0px; line-height: 1.6em; margin-left: 25px; padding-left: 3px;"><font face="Courier">CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation <a href="https://kb.isc.org/docs/cve-2025-32801" rel="nofollow noreferrer noopener" target="_blank" style="margin-top: 0px;">https://kb.isc.org/docs/cve-2025-32801</a></font></li><li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;"><font face="Courier">CVE-2025-32802: Insecure handling of file paths allows multiple local attacks <a href="https://kb.isc.org/docs/cve-2025-32802" rel="nofollow noreferrer noopener" target="_blank" style="margin-top: 0px;">https://kb.isc.org/docs/cve-2025-32802</a></font></li><li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;"><font face="Courier">CVE-2025-32803: Insecure file permissions can result in confidential information leakage <a href="https://kb.isc.org/docs/cve-2025-32803" rel="nofollow noreferrer noopener" target="_blank" style="margin-top: 0px;">https://kb.isc.org/docs/cve-2025-32803</a></font></li></ul></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Kea 2.4.2 is expected to be our last release on that old stable branch, which we will be retiring with the release of Kea 3.0, expected in June. </font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Kea 2.6.3 is our current stable version. </font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Release notes for these two versions are available at:</font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Kea 2.4.2 <a href="https://downloads.isc.org/isc/kea/2.4.2/Kea-2.4.2-ReleaseNotes.txt">https://downloads.isc.org/isc/kea/2.4.2/Kea-2.4.2-ReleaseNotes.txt</a></font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Kea 2.6.3 <a href="https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt">https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt</a></font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">Releases in the Kea 2.7.x sequence are part of the Kea development branch, where new features are provided for testing and evaluation before the branch is designated stable and recommended for production use.
Release notes for the development version are available at: <a href="https://downloads.isc.org/isc/kea/2.7.9/Kea-2.7.9-ReleaseNotes.txt">https://downloads.isc.org/isc/kea/2.7.9/Kea-2.7.9-ReleaseNotes.txt</a>
Source tarballs and packages are available from our Cloudsmith repositories at <a href="https://cloudsmith.io/~isc/repos/kea-2-4/groups/">https://cloudsmith.io/~isc/repos/kea-2-4/groups/</a> and <a href="https://cloudsmith.io/~isc/repos/kea-2-6/groups/" style="text-wrap-mode: wrap;">https://cloudsmith.io/~isc/repos/kea-2-6/groups/</a><span style="text-wrap-mode: wrap;"> for the stable versions and </span><a href="https://cloudsmith.io/~isc/repos/kea-dev/packages/" style="text-wrap-mode: wrap;">https://cloudsmith.io/~isc/repos/kea-dev/packages/</a><span style="text-wrap-mode: wrap;"> for the development version. All releases are also available from the ISC download page at </span><a href="https://www.isc.org/download/#Kea." style="text-wrap-mode: wrap;">https://www.isc.org/download/#Kea.</a></font></pre><pre style="text-wrap-mode: wrap;"><font face="Courier">
Thank you for using ISC’s software!</font></pre></body></html>