# Kea 3.0.2 Vulnerability Release Notes, October 29, 2025 Welcome to Kea 3.0.2, a vulnerability release of the stable 3.0 series. This supersedes the previous release, version 3.0.1. Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, Role-Based Access Control, run-time configuration monitoring and updates via a REST API, host reservations, and client classification. The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For details about Docker issues, visit the page at https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details about packaging, visit the page at https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/. The following changes and fixes have been introduced in version 3.0.2: 1. **Vulnerability**: Corrected an issue, where specific DDNS configuration parameters result in kea-dhcp4 exiting unexpectedly when a client sends certain option content [#4142, #4155]. 2. **Ping-check**: A debug log message is now printed instead of a misleading error message when lease threshold is used along with ping-check [#4129, #4182]. Corrected a deadlock potential situation in ping-check [#4140, #4177]. Fixed a data race in ping-check [#4164, #4178]. ## Incompatible Changes There are no incompatible changes. ## Known Issues There are no significant known issues. ## Acknowledgments ISC would like to thank the following for bringing the issue in CVE-2025-40779 to our attention: * Siniša Uskoković and Ralf Steuer from Vienna University of Economics and Business ## License This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 Some Kea hook libraries are provided under the MPL 2.0; others are licensed with the Kea Hooks Basic Commercial End User License. The source for each hook library includes the applicable license. ## Download Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/~isc/repos/ Pre-built Docker images and well as Docker files are available. For details, see: https://gitlab.isc.org/isc-projects/kea-docker The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB formats. ISC maintains a public open source code tree, wiki, issue tracking system, milestone planner, and roadmap at https://gitlab.isc.org/isc-projects/kea. Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list. We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea software support, see https://www.isc.org/support/. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list. If you have any comments or questions about working with Kea, please share them to the Kea Users list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/kea/-/issues. ## Changes The following summarizes changes and important upgrades introduced in version 3.0.2: 2384. [sec] tmark When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. CVE:2025-11232 (Gitlab #4142, #4155) 2383. [build] razvan The library version numbers have been bumped up for the Kea 3.0.2 stable release. (Gitlab #4173) 2382. [bug] razvan Removed logging an error in ping check hook library if using lease cache treshold. (Gitlab #4129, #4182) 2381. [bug] razvan, liyunqing_kylin Fixed deadlock in ping-check hooks library. Thanks to liyunqing_kylin for reporting and providing a patch. (Gitlab #4140, #4177) 2380. [bug] razvan, liyunqing_kylin Fixed a data race in ping-check hooks library. Thanks to liyunqing_kylin for reporting and testing the fix for this issue. (Gitlab #4164, #4178) Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.