Hi Rob/Thomas, Good day!! Thanks for the update, so as per the link the current patch is 2.0.8 released on 23-10-2019, request you to please confirm whether this patch is also a security patch and fixing any vulnerability (please provide CVE if available) or not as it has one major bug fix in the release notes.
Regards, Anurag -----Original Message----- From: Willy Tarreau <w...@1wt.eu> Sent: Wednesday, November 6, 2019 12:22 PM To: Rob Thomas <xro...@gmail.com> Cc: APCoE Product Notifications <apcoeproductnotificati...@wellsfargo.com>; haproxy@formilux.org; Na, Anurag <anurag...@wellsfargo.com> Subject: Re: Product Info On Wed, Nov 06, 2019 at 05:32:26AM +1000, Rob Thomas wrote: > "Prior to" means "before". So 2.0.6 is when it was fixed. Yep, and by the way, you should use any newer 2.0.X release which will contain many more important fixes than this one that is unlikely to hit anyone outside of a lab purposely built to trigger it (since "http-reuse always" is clearly documented as "must not use with known non-compliant servers"). If unsure, it's always good to check for known fixes here: http://www.haproxy.org/bugs/bugs-2.0.html Willy