Internet Systems Consortium is pleased to announce the releases of Kea 3.0.2
and 3.1.3. Kea 3.0.2 is a maintenance release on the existing stable branch,
and Kea 3.1.3 is a development release.
Please note that both versions address a vulnerability in kea-dhcpv4: Invalid
characters can cause an assert. This is CVE-2025-11232
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11232>. See our
published advisory at https://kb.isc.org/docs/cve-2025-11232.
Release notes for the new stable version are available at
https://downloads.isc.org/isc/kea/3.0.2/Kea-3.0.2-ReleaseNotes.txt
Release notes for the new development version are available at
https://downloads.isc.org/isc/kea/3.1.3/Kea-3.1.3-ReleaseNotes.txt
Source tarballs and packages are available from our Cloudsmith repositories at
https://cloudsmith.io/~isc/repos/kea-3-0/groups/ for the stable version, and at
https://cloudsmith.io/~isc/repos/kea-dev/groups/ for the development version.
The releases are also available from the ISC download page at
https://www.isc.org/download/#Kea. Development versions are not suitable for
production use.
Maintenance of the Kea 2.4 branch ended with the release of Kea 3.0.0. Please
make plans to update to the 2.6 or 3.0 versions if you haven't already.
Thank you for using ISC’s software!
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
[email protected]
