Hello Kong Nation!
We just released Kong 1.1.3. This version is a security patch release for the 1.1 series, including patches to the NGINX core (1.13.6) fixing vulnerabilities in the HTTP/2 module (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). Everyone using Kong with HTTP/2 is advised to upgrade immediately.
We always advise users to use the latest stable version (at the time of this writing, Kong 1.2.2), but we are providing security patch releases to all Kong 1.x versions so that users can perform security upgrades immediately without migrations.
There are no migrations, new features nor breaking changes over Kong 1.1.2.
Here’s a link to the 1.1.3 Changelog.
The updated Docker image is live on Docker Hub.
Kong 1.2.2 and 1.3.0rc2 which were released this week already include this vulnerability fixes. A similar patch release for the 1.0 series will follow shortly. And of course, the upcoming Kong 1.3.0 will include the patches as well.