# Stork 1.15.1 Release Notes, March 27, 2024 Welcome to Stork 1.15.1, a security update release. There are no new features in this release. Security fixes: 1. **CVE-2024-28872**: A problem with TLS certificates was fixed. This issue addresses all known problems with TLS certificates. It also prevents any unauthorized connection attempts using gRPC over http/2 connections, making Stork no longer susceptible for known and predicted attacks against http/2. For details, see the advisory text: [CVE-2024-28872](https://kb.isc.org/docs/cve-2024-28872). [#1328]. All users running versions 0.15.0 to 1.15.0 are advised to upgrade as soon as possible. It is recommended to follow the upgrade procedure are described here: https://kb.isc.org/docs/upgrading-stork. Please see this link for known issues: https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues. ## Incompatible Changes The changes introduced in this release might be incompatible. The fix requires generating new certificates. The upgrade process is transparent if certificates were generated by Stork. The Stork server is able to detect its own generated certificates and regenerate them properly in an automated manner. The Stork agents will detect this and will repeat the registration procedure and retrieve new certificates from the server. The whole procedure is fully automated, as long as the certificates were generated by Stork. If the certificates were generated by external party and imported into Stork, some manual intervention is likely necessary. See KB article at https://kb.isc.org/docs/importing-external-certificates-to-stork for details. ## Release Model Stork has bi-monthly development releases. We encourage users to test the development releases and report back their findings on the stork-users mailing list, available at https://lists.isc.org/mailman/listinfo/stork-users, or report bugs at https://gitlab.isc.org/isc-projects/stork/-/issues/. This text references issue numbers. For more details, visit the Stork GitLab page at https://gitlab.isc.org/isc-projects/stork/-/issues. ## License Stork is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 ## Download The easiest way to install the software is to use native deb or RPM packages. They can be downloaded from: https://cloudsmith.io/~isc/repos/stork/ The Stork source and PGP signature for this release may be downloaded from: https://downloads.isc.org/isc/stork The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey ISC provides documentation in the Stork Administrator Reference Manual (ARM). It is available on ReadTheDocs.io at https://stork.readthedocs.io/en/latest/, and in source form in [the doc/ directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc). We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the stork-users mailing list (https://lists.isc.org/mailman/listinfo/stork-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Stork GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/mailinglists/. If you have any comments or questions about working with Stork, please share them to the stork-users list (https://lists.isc.org/mailman/listinfo/stork-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/stork/issues. ## Changes The following summarizes changes and important upgrades since the previous Stork release, version 1.14.0. * 382 [sec] ! slawek Fixed CVE-2024-28872 vulnerability. (Stork #1328) Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.