Hello together,

we use

/etc/apt/sources.list.d/haproxy.list
    deb http://haproxy.debian.net bullseye-backports-2.4 main

and apt list --upgradable shows:

    Listing... Done
    haproxy/bullseye-backports-2.4 2.4.21-2~bpo11+1 amd64 [upgradable from: 2.4.21-1~bpo11+1]

Is this the recommended package to use for Debian (because of the version number 2.4.21 instead of 2.4.22), or do we need to wait for the repo to be synced?

Greetings,
Marc

> -----Original Message-----
> From: Willy Tarreau <w...@1wt.eu>
> Sent: Tuesday, February 14, 2023 5:15 PM
> To: haproxy@formilux.org
> Subject: [ANNOUNCE] haproxy-2.4.22
>
> Hi,
>
> HAProxy 2.4.22 was released on 2023/02/14. It added 11 new commits after
> version 2.4.21.
>
> The main reason for this release today is the availability of a fix for the
> vulnerability explained in the other thread (CVE-2023-25725).
>
> In addition, this version addresses the following issues:
>
>   - a regression from a previous fix that caused some server-side
>     connections not to expire if some unsent data are blocked in the
>     request channel.
>
>   - a 13-year-old issue with the expiration of old entries in
>     stick-tables that slows down eviction at every timer period rollover
>     (49.7 days), making the table size and memory usage grow for a
>     while until all of them were either refreshed or expired. I'm
>     still puzzled that 3 users apparently noticed it at the same time
>     around last rollover on Jan 30th.
>
>   - a bug in the SSL cache eviction that affected WolfSSL was fixed, but
>     it's unclear if it could affect other libs (openssl was apparently not
>     due to fixed-size records)
>
>   - a warning will be emitted when a crt-list line is malformed.
>
>   - minor doc fixes
>
> The changes are intentionally limited so that all users of 2.4.21 and older
> can update without taking risks.
>
> Please find the usual URLs below :
>    Site index       : https://www.haproxy.org/
>    Documentation    : https://docs.haproxy.org/
>    Wiki             : https://github.com/haproxy/wiki/wiki
>    Discourse        : https://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Sources          : https://www.haproxy.org/download/20230214-cve-2023-25725/src/
>    Git repository   : https://git.haproxy.org/git/haproxy-20230214-cve-2023-25725.git/
>    Git Web browsing : https://git.haproxy.org/?p=haproxy-20230214-cve-2023-25725.git
>    Changelog        : https://www.haproxy.org/download/20230214-cve-2023-25725/src/CHANGELOG
>    Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
>    Pending bugs     : https://www.haproxy.org/l/pending-bugs
>    Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
>    Code reports     : https://www.haproxy.org/l/code-reports
>    Latest builds    : https://www.haproxy.org/l/dev-packages
>
> Willy
> ---
> Complete changelog :
> Aleksey Ponomaryov (1):
>       BUG/MEDIUM: stick-table: do not leave entries in end of window during purge
>
> Aurelien DARRAGON (3):
>       BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section
>       DOC: config: fix option spop-check proxy compatibility
>       DOC: config: 'http-send-name-header' option may be used in default section
>
> Christopher Faulet (1):
>       BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first
>
> William Lallemand (3):
>       BUG/MEDIUM: ssl: wrong eviction from the session cache tree
>       BUG/MINOR: ssl/crt-list: warn when a line is malformated
>       CI: github: don't warn on deprecated openssl functions on windows
>
> Willy Tarreau (3):
>       BUG/MEDIUM: cache: use the correct time reference when comparing dates
>       DOC: proxy-protocol: fix wrong byte in provided example
>       BUG/CRITICAL: http: properly reject empty http header field names
>
> ---