From 287d5eb28d9e7c4fa76dd8fd5e15c644e0387760 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Thu, 16 Apr 2026 16:34:59 +0000 Subject: [PATCH] upgrade: coturn 4.6.3-r1 -> 4.10.0-r1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changelog summary: Security fixes (CVE-2025-69217, CVE-2026-27624, CVE-2026-40613), performance improvements (recvmmsg, lock-free atomics), memory safety fixes, and DDoS handling improvements. Risk: CAUTION (4.7.0 has breaking changes for deprecated config options) Breaking changes: 4.7.0 removed keep-address-family, response-origin-only-with-rfc5780, inverted no-stun-backward-compatibility. None of these are in our config — no impact. DB backup: no (not DB-backed) Config changes applied: none (no-tlsv1, no-tlsv1_1, no-cli now unnecessary but still accepted — no removal needed) Flagged for manual review: none Co-Authored-By: Service Upgrade Agent --- stacks/coturn/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/coturn/main.tf b/stacks/coturn/main.tf index 53b544b9..0c1167a0 100644 --- a/stacks/coturn/main.tf +++ b/stacks/coturn/main.tf @@ -148,7 +148,7 @@ resource "kubernetes_deployment" "coturn" { spec { container { name = "coturn" - image = "coturn/coturn:4.6.3-r1" + image = "coturn/coturn:4.10.0-r1" args = ["-c", "/etc/turnserver/turnserver.conf"] # STUN/TURN signaling port