Workflow

Irrd

Latest version: v4.4.4

Safety actively analyzes 631143 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 4 of 12

4.2.5

* Deletions could fail for cases where the same RPSL primary key
was used in the same source for different objects with different
object classes. This could prevent NRTM updates from progressing.
Any mirroring processes that were stuck due to this bug will
recover after upgrading. 660
* The irrd_load_pgp_keys_ command was missing from the distribution 655
* An obscure situation where a non-ASCII character
could be permitted in RPSL primary keys was corrected 651
* Added a warning that when using PostgreSQL replication, the
local preload store may not be updated causing
potential stale responses to queries 656

**Full Changelog**: https://github.com/irrdnet/irrd/compare/v4.2.4...v4.2.5

4.2.4

This could affect the results of queries like `!i` and `!m` and their GraphQL counterparts, which only return or consider one object, while multiple objects with the same primary key may exist in different sources. Where these multiple objects did exist, the responses to the queries could prefer the object from a less preferred source. This behaviour was not always consistent.

This affected both the source order set in the `sources_default` setting and an explicit source order set for a specific query.

4.2.3

issue with password hash filtering that occurred in all earlier 4.2
releases. The 4.1.x series is not affected.

Previous IRRd 4.2 versions did not always filter password hashes in `mntner`
objects. This may have allowed adversaries to retrieve some of these hashes,
perform a brute-force search for the clear-text passphrase, and use these
to make unauthorised changes to affected IRR objects.

This issue only affected instances that process password hashes, which means it
is limited to IRRd instances that serve authoritative databases. IRRd instances
operating solely as mirrors of other IRR databases are not affected.

This issue was assigned CVE-2022-24798 and [GHSA-cqxx-66wh-8pjw](https://github.com/irrdnet/irrd/security/advisories/GHSA-cqxx-66wh-8pjw).

See https://irrd.readthedocs.io/en/stable/releases/4.2.3/ for further details.

4.2.2

Not secure

4.2.1

Not secure

4.2.0

Not secure

Page 4 of 12

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.