This release fixes an issue with security implications that has been recently reported in the HTTP remote backend of the PowerDNS Authoritative Server. Setups that are not using this backend are not impacted by this issue. More information can be found in the corresponding security advisory:
- PowerDNS Security Advisory 2019-03 (CVE-2019-3871): Insufficient validation in the HTTP remote backend
There are some additional smaller improvements and bug fixes in this release. Please see the changelog:
- #7576: Insufficient validation in the HTTP remote backend
- #7546: Fix API search failed with “Commands out of sync; you can’t run this command now”
- #7219: Fix static lookup when using weighted records on multiple record types.
- #7516: Report “checkKey“ errors upwards.
This release was made possible by contributions from: Aki Tuomi, Sebastian, Robin Geuze and Baptiste Courtois.
The tarball (signature) is available at downloads.powerdns.com and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty, Xenial and Cosmic are available from repo.powerdns.com.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.