We are very happy to announce the 4.1.9 release of the PowerDNS Recursor. This release is fixing two security issues, and addressing a shortcoming in the way incoming queries are distributed to threads under heavy load.This release fixes the following security issues:
PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses
These issues respectively affect PowerDNS Recursor from 4.1.4 and 4.1.0, up to and including 4.1.8. PowerDNS Recursor 4.0.x and below are not affected.