Am 19.04.2018 um 17:34 schrieb Willy Tarreau:
> Hi,
> HAProxy 1.8.8 was released on 2018/04/19. It added 8 new commits
> after version 1.8.7.

As usual the images are updated

If you ask why do I still build this images also for openshift, the easy
answer is that this image have lua included and therfore you can run the
header dumper without to modify the image ;-)

Best regards

> The most important one fixes a vulnerability in the HTTP/2 frame parser
> which can be used to remotely crash the process. Code execution is
> extremely unlikely to happen given that buffer allocation from memory
> pools is not quite predictable and that the surrounding memory areas
> are also unpredictable in a production environment. But since it is
> very easy to crash the process, H2 users must absolutely upgrade.
> A CVE id was requested, unfortunately it was not delivered before this
> announce but I preferred to keep everyone safe by releasing as soon as
> possible. I want to address special thanks to Jordan Zebor from F5
> Networks for reporting this issue responsibly.
> The other relevant commits fix a min/max bug involving gcc < 4.7 with
> threads which affect frequency counters, a risk of crash when a mux
> failed to initialize and is destroyed, and a risk of event losses with
> kqueue.
> Please find the usual URLs below :
>    Site index       :
>    Discourse        :
>    Sources          :
>    Git repository   :
>    Git Web browsing :
>    Changelog        :
>    Cyril's HTML doc :
> Willy
> ---
> Complete changelog :
> Aurélien Nephtali (2):
>       BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
>       MINOR: cli: Ensure the CLI always outputs an error when it should
> Christopher Faulet (2):
>       BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
>       BUG/MINOR: http: Return an error in proxy mode when url2sa fails
> Olivier Houchard (2):
>       BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
>       BUG/MEDIUM: kqueue: When adding new events, provide an output to get 
> errors.
> Willy Tarreau (2):
>       DOC: lua: update the links to the config and Lua API
>       BUG/CRITICAL: h2: fix incorrect frame length check
> ---

Reply via email to