Hi Lukas, Thanks for the reply. My query goes along the lines of which Lua version is compatible with HAproxy and contains fixes to those CVEs. I could not find a specific instruction as to which Lua version can be used to build HAproxy / has been tested for production use.
We are consuming a bundled version (currently HAproxy 1.9.15 with Lua 5.3.5) but I don't know if it is safe to bump the Lua version only. Thanks and regards, D On 29.07.20, 11:06, "Lukas Tribus" <lu...@ltri.eu> wrote: Hello, On Wed, 29 Jul 2020 at 10:23, Froehlich, Dominik <dominik.froehl...@sap.com> wrote: > > Hello everyone, > > Not sure if this is already addressed. Today I got a CVE report of several issues with Lua 5.3.5 up to 5.4. > > I believe Lua 5.4 is currently recommended to build with HAproxy 2.x? > > Before I open an issue on github I would like to ask if these are already known / addressed: I don't understand, specifically what are you asking us to do here? It's not like we ship LUA ... Lukas