Hi Lukas,
Thanks for the reply.
My query goes along the lines of which Lua version is compatible with HAproxy
and contains fixes to those CVEs.
I could not find a specific instruction as to which Lua version can be used to
build HAproxy / has been tested for production use.
We are consuming a bundled version (currently HAproxy 1.9.15 with Lua 5.3.5)
but I don't know if it is safe to bump the Lua version only.
Thanks and regards,
D
On 29.07.20, 11:06, "Lukas Tribus" <lu...@ltri.eu> wrote:
Hello,
On Wed, 29 Jul 2020 at 10:23, Froehlich, Dominik
<dominik.froehl...@sap.com> wrote:
>
> Hello everyone,
>
> Not sure if this is already addressed. Today I got a CVE report of
several issues with Lua 5.3.5 up to 5.4.
>
> I believe Lua 5.4 is currently recommended to build with HAproxy 2.x?
>
> Before I open an issue on github I would like to ask if these are already
known / addressed:
I don't understand, specifically what are you asking us to do here?
It's not like we ship LUA ...
Lukas
