SCONE 6.0
SCONE 6.0.7
🛑 Security
Updated libraries and packages included in published SCONE images to incorporate fixes for the following CVEs:
- Improved input validation and request handling to reduce the risk of malformed or unexpected data affecting application behavior (CVE-2025-13836).
- Strengthened authentication controls and tightened access verification across protected functionality (CVE-2025-15467).
- Enhanced safeguards around data processing to reduce the likelihood of unauthorized information exposure (CVE-2025-64720).
- Improved server-side validation and boundary checks to better protect against unintended actions (CVE-2025-65018).
- Reinforced session and state management mechanisms to improve account and application security (CVE-2025-66293).
- Added additional protections to improve the secure handling of internal service communications (CVE-2025-69419).
- Strengthened authorization logic to ensure more consistent enforcement of permissions (CVE-2025-69420).
- Improved resilience against malformed requests and strengthened application stability under abnormal conditions (CVE-2025-69421).
- Enhanced validation and security checks for user interactions and data submission workflows (CVE-2026-22695).
- Applied additional hardening measures to reduce opportunities for unintended access paths (CVE-2026-22801).
- Improved protection around sensitive operations through stronger verification and control mechanisms (CVE-2026-23111).
- Strengthened internal security controls to improve reliability and reduce abuse scenarios (CVE-2026-25210).
- Enhanced component isolation and defensive controls to limit the impact of unexpected behavior (CVE-2026-25646).
- Improved validation and error handling to increase robustness and security coverage (CVE-2026-25679).
- Reinforced integrity checks and improved handling of security-sensitive workflows (CVE-2026-33416).
- Strengthened protections to better enforce expected application behavior and access boundaries (CVE-2026-33636).
- Improved backend security controls and added additional safeguards around service operations (CVE-2026-34714).
- Applied general security hardening and stability improvements to strengthen overall platform resilience (CVE-2026-34982).
SCONE 6.0.6
🐞 Bug Fixes
- SCONE Runtime: fixed a state restoration bug that could lead to sporadic runtime errors under certain conditions.
🛑 Security
Updated libraries and packages included in published SCONE images to incorporate fixes for the following CVEs:
- Fixed an issue that could lead to excessive resource consumption under certain conditions (CVE-2025-38666)
- Fixed a flaw that could cause uncontrolled resource usage during request handling (CVE-2025-66418)
- Fixed an issue in data processing that could result in excessive resource consumption (CVE-2025-66471)
- Fixed a flaw that could allow safeguards to be bypassed, leading to increased resource usage (CVE-2026-21441)
SCONE 6.0.5
🐞 Bug Fixes
- Fix memory clean-up for some data structures in the SCONE Runtime
🛑 Security
- Upgrade dependencies to address an issue that could result in out-of-bounds memory access when using OpenSSL (CVE-2025-9230)
SCONE 6.0.4
🛑 Security
- Fix an issue in input and condition handling within the Go ecosystem (CVE-2024-25621)
- Address a validation-related security issue in Go-based components (CVE-2025-58183)
- Fix a security issue in HTTP cookie handling within the Go HTTP stack (CVE-2025-58186)
- Handling of exceptional conditions in Go-based components was improved (CVE-2025-58187)
- State and lifecycle handling in the Go ecosystem was updated (CVE-2025-61729)
SCONE 6.0.3
🐞 Bug Fixes
- Disable ANSI colors in the SCONE CLI
- Terminate LAS if SCONE QE was lost due to power transition or subsequent signing requests fail
- SCONE Runtime performance and error handling improvements
- Fix renaming on the SCONE Runtime exposed metrics
- Show EPC size during enclave start
- Fix toleration and taints checks in the CAS Backup Controller
- In the CAS Backup Controller and kubectl plugin ensure that we use the SCONECLI upgrade command to upgrade and backup a CAS instance
- kubectl-provision fix custom owner config and alt_names in default owner config
- kubectl-provision only disable safety service during upgrade from versions 5.x
- operator_controller use IMAGE_REPO in check_pull_secret function
🛑 Security
- Upgrade the Alpine-based base images
- Upgrade the Docker-in-Docker-based base images
SCONE 6.0.2
🐞 Bug Fixes
- Fix install/upgrade version check in the operator_controller script
SCONE 6.0.1
🛡️ CAS
- Reworked upgrade/backup CAS registration logic to allow activation of new CPU features (e.g. AVX512) and improve error messages
⚙️ Runtime
- Fixes to minimize heap fragmentation
🛑 Common Vulnerabilities and Exposures Fixes
🐞 Bug Fixes
- Fix on the operator_controller script
- Remove dependency on unhealthy state of CAS during upgrade
SCONE 6.0.0
💥 Breaking Change
- Upgrade to DCAP API v4. This will most likely break existing sessions by NOT allowing enclaves to attest anymore. The currently used API v3 does not deliver Advisory IDs, so sessions do not have to tolerate any Advisory IDs. After switching to Intel DCAP v4, those systems will probably have Advisory IDs reported that must be tolerated in the sessions; otherwise the enclaves will be rejected during attestation. Sessions that ignore all advisories for availability reasons won't be affected by this.
- The following SCONE Curated images have been removed due to the End-of-Life of their Debian 11 base image:
- apps:java-17-bullseye
- apps:nextcloud-apache
- apps:php-8.1-apache-zts
- apps:redis-6.2.6-bullseye
- golang:1.22.5-bullseye
- golang:1.23.8-bullseye
- python:3.8-bullseye
- rclone:1.69-bullseye
- teemon:ebpf-exporter
- Revert the change on the base image of the crosscompiler image from ubuntu24.04 to ubuntu24.10. We stick to support for LTS versions.
- Dropped SCONE Vault support.
- Remove backup-controller.cas field in the SCONE CAS Kubernetes CRD.
🛡️ CAS
- Support Intel DCAP API v4 by default
⚙️ Runtime
- Extend Prometheus metrics with identifying labels.
🐞 Bug Fixes
- Fix various stability and performance bugs.