Hello Jonathan, On Wed, 8 Sept 2021 at 21:28, Jonathan Greig <jgr...@redventures.com> wrote: > > Hello! My name is Jonathan Greig and I'm a reporter for ZDNet. I'm > writing a story about CVE-2021-40346 and I was wondering if > Ha Proxy had any comment about the vulnerability.
Just making sure you are aware that this is a public mailing list: https://www.mail-archive.com/haproxy@formilux.org/msg41140.html You can find the CVE-2021-40346 announcement with comments here on this mailing list: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html Short blog article on haproxy.com: https://www.haproxy.com/blog/september-2021-duplicate-content-length-header-fixed/ Long Jfrog article with (lots) of technical details: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ Hope this helps, Lukas