HAProxy 1.8.17 was released on 2019/01/08. It added 12 new commits
after version 1.8.16.

One of them fixes a security issue discovered by Tim Düsterhus
(CVE-2018-20615) :

   BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used

An incorrect frame length check is performed on HEADERS frame having the
PRIORITY flag, possibly resulting in a read-past-bound which can cause a
crash depending how the frame is crafted. All 1.9 and 1.8 versions are
affected. As a result, all HTTP/2 users must either upgrade or temporarily
disable HTTP/2 by commenting the "npn h2" and "alpn h2" statements on their
related "bind" lines.

Another issue which is very hard to trigger in 1.8 is a lack of timeout
for certain tasks when running from applets. Since 1.8's cache only
supports small objects, it cannot trigger it. In theory extra large stats
page could trigger them but the fact that output contents almost never
end on a buffer boundary makes this very unlikely as well. So I guess
nobody has ever faced it before we had support for large objects in the
1.9 cache.

The rest is pretty minor.

Please do not forget to update!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Christopher Faulet (2):
      BUG/MAJOR: stream-int: Update the stream expiration date in 
      BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send 

Olivier Houchard (1):
      BUG/MEDIUM: server: Also copy "check-sni" for server templates.

Thierry FOURNIER (2):
      BUG/MINOR: lua: bad args are returned for Lua actions
      BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred

Willy Tarreau (7):
      MINOR: mux-h2: only increase the connection window with the first update
      BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than 
the max
      MINOR: lb: allow redispatch when using consistent hash
      MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
      MINOR: stream/cli: report more info about the HTTP messages on "show sess 
      BUG/MEDIUM: cli: make "show sess" really thread-safe
      BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used


Reply via email to