New versions of BIND 9 have been released: 9.18.37, 9.20.9, and 9.21.8. These updates include various bug fixes, feature enhancements, and a critical security patch addressing vulnerability CVE-2025-40775. Notably, the existing ESV branch, 9.18.X, remains unaffected by this specific vulnerability.
These maintenance releases are available for download from the ISC software download page, and updates for packages and container images will be rolled out later today. Detailed information regarding the security vulnerability can be found in the related Security Advisory. Users can also refer to the release notes for a summary of significant changes in each version:
- BIND 9.18.37: [Release Notes](https://downloads.isc.org/isc/bind9/9.18.37/doc/arm/html/notes.html)
- BIND 9.20.9: [Release Notes](https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html)
- BIND 9.21.8 (Experimental): [Release Notes](https://downloads.isc.org/isc/bind9/9.21.8/doc/arm/html/notes.html)
It's important to note that BIND's supported platforms are detailed in the ARM and a specific knowledge base article. The support for RHEL 7 ended in June 2024, and BIND will not be compatible with RHEL 7 moving forward.
As BIND continues to evolve, users are encouraged to keep their software updated to benefit from the latest security measures and improvements. The ISC team appreciates the ongoing support from its user community.
In extension, it is advisable for users to regularly check for updates and patches to ensure the security and efficiency of their systems. Additionally, staying informed about deprecation timelines for platforms can help organizations plan for necessary migrations to supported environments. The ongoing commitment from ISC to enhance BIND’s functionality and security reflects the organization’s dedication to providing robust DNS solutions
These maintenance releases are available for download from the ISC software download page, and updates for packages and container images will be rolled out later today. Detailed information regarding the security vulnerability can be found in the related Security Advisory. Users can also refer to the release notes for a summary of significant changes in each version:
- BIND 9.18.37: [Release Notes](https://downloads.isc.org/isc/bind9/9.18.37/doc/arm/html/notes.html)
- BIND 9.20.9: [Release Notes](https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html)
- BIND 9.21.8 (Experimental): [Release Notes](https://downloads.isc.org/isc/bind9/9.21.8/doc/arm/html/notes.html)
It's important to note that BIND's supported platforms are detailed in the ARM and a specific knowledge base article. The support for RHEL 7 ended in June 2024, and BIND will not be compatible with RHEL 7 moving forward.
As BIND continues to evolve, users are encouraged to keep their software updated to benefit from the latest security measures and improvements. The ISC team appreciates the ongoing support from its user community.
In extension, it is advisable for users to regularly check for updates and patches to ensure the security and efficiency of their systems. Additionally, staying informed about deprecation timelines for platforms can help organizations plan for necessary migrations to supported environments. The ongoing commitment from ISC to enhance BIND’s functionality and security reflects the organization’s dedication to providing robust DNS solutions
BIND 9.18.37, 9.20.9, 9.21.8 released
New BIND 9 releases, 9.18.37, 9.20.9, and 9.21.8, are now available. The updates encompass bug fixes, enhancements to features, and a resolution for a security vulnerability (CVE-2025-40775). The existing ESV branch, 9.18.X, remains unaffected.
