<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);">ISC is pleased to announce that Stork 1.5.1 is now available. </pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);">This release includes only one change, to address a critical security issue,<font face="Courier"> </font><span style="font-family: Courier; caret-color: rgb(26, 26, 27); color: rgb(26, 26, 27); letter-spacing: 0.48px;">CVE-2024-28872: </span></pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);"><span style="font-family: Courier; caret-color: rgb(26, 26, 27); color: rgb(26, 26, 27); letter-spacing: 0.48px;">Incorrect TLS certificate validation can lead to escalated privileges</span><span style="font-family: Courier;">. </span></pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);"><span style="font-family: Courier;">(</span><a href="https://kb.isc.org/docs/cve-2024-28872">https://kb.isc.org/docs/cve-2024-28872</a>) Please follow the the upgrade procedure linked below.</pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);">
The easiest way to install the software is to use ISC’s native deb or RPM packages. They can be downloaded from:
<a href="https://cloudsmith.io/~isc/repos/stork/">https://cloudsmith.io/~isc/repos/stork/</a>
The Stork source and PGP signature for this release may be downloaded from:
<a href="https://www.isc.org/download#Stork">https://www.isc.org/download#Stork</a>
Documentation for Stork is available at:
<a href="https://stork.readthedocs.io/">https://stork.readthedocs.io</a> <<a href="https://stork.readthedocs.io/">https://stork.readthedocs.io/</a>> <<a href="https://stork.readthedocs.io/">https://stork.readthedocs.io/</a>></pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);">——</pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);"><pre style="overflow-wrap: break-word; text-wrap: wrap;"># Stork 1.15.1 Release Notes, March 27, 2024
Welcome to Stork 1.15.1, a security update release. There are no new
features in this release.
Security fixes:
1. **CVE-2024-28872**: A problem with TLS certificates was fixed. This
issue addresses all known problems with TLS certificates. It also
prevents any unauthorized connection attempts using gRPC over http/2
connections, making Stork no longer susceptible for known and predicted
attacks against http/2. For details, see the advisory text:
[CVE-2024-28872](https://kb.isc.org/docs/cve-2024-28872). [#1328].
All users running versions 0.15.0 to 1.15.0 are advised to upgrade as
soon as possible. It is recommended to follow the upgrade procedure are
described here: https://kb.isc.org/docs/upgrading-stork.
Please see this link for known issues:
https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues.
## Incompatible Changes
The changes introduced in this release might be incompatible. The fix
requires generating new certificates. The upgrade process is transparent
if certificates were generated by Stork. The Stork server is able to
detect its own generated certificates and regenerate them properly in an
automated manner. The Stork agents will detect this and will repeat the
registration procedure and retrieve new certificates from the server.
The whole procedure is fully automated, as long as the certificates were
generated by Stork. If the certificates were generated by external party
and imported into Stork, some manual intervention is likely necessary.
See KB article at
https://kb.isc.org/docs/importing-external-certificates-to-stork for
details.
## Release Model
Stork has bi-monthly development releases.
</pre><br class="Apple-interchange-newline" style="white-space: normal;"></pre><pre style="text-wrap: wrap; background-color: rgb(255, 255, 255);"><br></pre></body></html>