# Stork 2.2.1 Release Notes, September 10th 2025

Welcome to Stork 2.2.1, a maintenance release for the 2.2 stable series.

The changes introduced in this version are:

1. **Vulnerability**: When an unauthenticated user sent a large amount of data to the Stork UI, it could have caused memory and disk use problems for the system running the Stork server. This has been fixed. This addresses CVE-2025-8696 [#1950, #1939].

2. **Bug fixes**: We fixed a problem where editing a shared network could lead to all reservations in a subnet belonging to the shared network being removed. This problem manifested itself if the reservations were kept in the config file [#1924, #1866]. We fixed an agent crash if the BIND config file was missing an `allow` statement in the statistics-channel configuration [#1925, #1908].

3. **Build improvements**: Stork demo dependencies are now more flexible. This fixes a demo build problem on some ARM64 architectures [#1977, #1966]. The offline information about available software versions was updated [#1981].

Please see this link for known issues: https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues.

## Incompatible Changes

There are no backward-incompatible changes in this release.

## Release Model

Stork has stable (even minor version, e.g. 2.0.1) and development (odd minor version, e.g. 2.1.2) releases; development releases are issued bi-monthly with some exceptions. New stable releases are expected roughly every six months. For ISC's detailed software support policy, see https://kb.isc.org/docs/aa-00896#stork.

We recommend using stable versions in production if possible. We encourage users to test development releases and report back their findings on the stork-users mailing list (available at https://lists.isc.org/mailman/listinfo/stork-users) or open GitLab issues. ISC professional support customers may also report issues via our support portal.

This text references issue numbers.
For more details, visit the Stork GitLab page at https://gitlab.isc.org/isc-projects/stork/issues.

## License

Stork is released under the Mozilla Public License, version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

## Download

The easiest way to install the software is to use native deb or RPM packages. They can be downloaded from:

https://cloudsmith.io/~isc/repos/stork/

The Stork source and PGP signature for this release may be downloaded from:

https://downloads.isc.org/isc/stork

The signature was generated with the ISC code-signing key, which is available at:

https://www.isc.org/pgpkey

ISC provides documentation in the Stork Administrator Reference Manual (ARM). It is available on ReadTheDocs.io at https://stork.readthedocs.io/en/latest/, and in source form in [the doc/ directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc).

We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the stork-users mailing list (https://lists.isc.org/mailman/listinfo/stork-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Stork GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.

## Support

Professional support for Stork is available from ISC. We encourage all professional users to consider this option; Stork and Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and Stork software support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/mailinglists/. If you have any comments or questions about working with Stork, please share them to the stork-users list (https://lists.isc.org/mailman/listinfo/stork-users).
Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/stork/issues.

## Changes

The following summarizes changes and important upgrades since the previous Stork stable release versioned 2.2.0.

* 534 [sec] slawek

  Added a verification of the size of incoming requests to fix the DoS attack vector. Added a patch securing against an integer overflow bug in go-pg library (CVE-2024-44905). This patch prevents potential vulnerabilities that could stem from this bug in the future. (Gitlab #1939, #1940, #1950)

* 533 [build] marcin

  Fixed an issue with starting the demo due to curl version mismatch on one of the Docker containers. (Gitlab #1977)

* 532 [bug] slawek

  Fixed unexpected wiping out all shared network-related host reservations from the configuration file after modifying this shared network by UI form. (Gitlab #1924)

* 531 [bug] marcin

  The stork-agent gracefully deals with the situation when the statistics-channel configuration in BIND 9 lacks the allow statement. It logs an error requesting that the allow statement is included in the configuration. (Gitlab #1925)

* 530 [bug] slawek, piotrek

  Fixed overriding the environment files when updating RPM packages. (Gitlab #1907)

Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.
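
The request-size verification named in change 534 (the fix for CVE-2025-8696), sketched as Go HTTP middleware. This is an added example, not Stork's own code; the 1 MiB limit, the `/api/example` path, and the `limitBody`, `consume` and `statusFor` names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBodyBytes = 1 << 20 // assumed 1 MiB cap for this example, not Stork's value
// limitBody rejects oversized requests before any later handler buffers them.
func limitBody(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > limit { // cheap early exit on the declared size
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		// Content-Length can be absent (chunked), so also cap the bytes actually read.
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// consume is a hypothetical endpoint that reads the whole request body.
func consume(w http.ResponseWriter, r *http.Request) {
	var tooBig *http.MaxBytesError
	if _, err := io.Copy(io.Discard, r.Body); errors.As(err, &tooBig) {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// statusFor sends a constructed POST of size bytes; chunked hides the declared length.
func statusFor(size int, chunked bool) int {
	req := httptest.NewRequest(http.MethodPost, "/api/example", strings.NewReader(strings.Repeat("A", size)))
	if chunked {
		req.ContentLength = -1
	}
	rec := httptest.NewRecorder()
	limitBody(maxBodyBytes, http.HandlerFunc(consume)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(512, false), statusFor(maxBodyBytes+1, false), statusFor(maxBodyBytes+1, true))
}
```

The middleware is placed ahead of authentication so that unauthenticated senders hit the cap too, which is the case the vulnerability entry describes.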