PSA: update your DNS resolvers (PiHole, unbound, Bind9, dsnmasq) to patch DNSSEC vulnerability
Researchers recently found a vulnerability in the way DNS resolvers handle DNSSEC validation that allow attackers to DoS resolvers with a single DNS request
My unbound is on v1.13.1 (Raspbian) after update/upgrade. I've read it lags behind the main release by alot, should I trust the process that everything is fine.
Debian usually backports security fixes to older versions, so you may wanna check to Debian if they have an updated version of the package with the security fix.
This can be done by taking the CVE number related to this vulnerability and look at the package changelog.
I'm on DietPi 9 and the latest version for Debian 12 is 1.17.1, sadly. Though I do see 1.19.1 is in testing as of today, according to Debian's package tracker site. Probably not worth trying to install an unstable version of it.