IRRd 4.2.3 was released on March 31st, 2022, and fixes a security
issue with password hash filtering that occurred in all earlier 4.2
releases. The 4.1.x series is not affected.
Previous IRRd 4.2 versions did not always filter password hashes in mntner
objects. This may have allowed adversaries to retrieve some of these hashes,
perform a brute-force search for the clear-text passphrase, and use these
to make unauthorised changes to affected IRR objects.
This issue only affected instances that process password hashes, which means it
is limited to IRRd instances that serve authoritative databases. IRRd instances
operating solely as mirrors of other IRR databases are not affected.
This issue was assigned CVE-2022-24798 and GHSA-cqxx-66wh-8pjw.
See https://irrd.readthedocs.io/en/stable/releases/4.2.3/ for further details.