A security researcher found four vulnerabilities in Cloudflare's Pingora framework, including three HTTP request smuggling bugs. Here's what each one means for Zentinel, how operators could have mitigated before the fix, and why we were already running the patched version before the CVEs went public.
security
5 agents tagged with "security"
Pingora 0.8.0 brings connection reuse limits, stricter HTTP/1 validation, upload write-pending diagnostics, and a new builder pattern for proxy services. Here's what changed in Zentinel and what operators should know.
We built wafworth, an open-source WAF testing framework with 598 tests across 18 OWASP-aligned categories, and used it to benchmark Zentinel's three WAF agent implementations against each other. No engine won everywhere. Here's what the confusion matrices actually say.
Cloudflare's Pingora 0.7 ships connection-level filtering, extensible TLS context, and the security fixes we were carrying in a fork. Zentinel now runs on upstream Pingora with zero patches — here's what changed and what it unlocks.
Release 26.02 adds supply chain security to every Zentinel release — cosign signatures, SLSA provenance, and SBOMs in CycloneDX and SPDX formats. Here's what we built, why it matters, and how to verify your deployment in 30 seconds.