Re: [*EXT*] RE: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Willy Tarreau
On Tue, Feb 14, 2023 at 07:58:34PM +0100, Vincent Bernat wrote: > On 2023-02-14 18:08, Ionel GARDAIS wrote: > > Hi Marc, > > > > I guess Vincent choose to use a -2 tag so that users who hold their package > > on minor version will still get the update. > > That's because the uploads were prepare

Re: [*EXT*] RE: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Vincent Bernat
On 2023-02-14 18:08, Ionel GARDAIS wrote: Hi Marc, I guess Vincent choose to use a -2 tag so that users who hold their package on minor version will still get the update. That's because the uploads were prepared in advance, before the 2.4.22 release. Willy sent us the patch in advance to be

Re: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Arnall
Hello, Le 14/02/2023 à 17:52, Tim Düsterhus a écrit : Marc, On 2/14/23 17:44, Marc Gebauer wrote: Listing... Done haproxy/bullseye-backports-2.4 2.4.21-2~bpo11+1 amd64 [upgradable from: 2.4.21-1~bpo11+1] is this the recommend package to use for Debian (because of the version-number 2.4.21

Re: [*EXT*] RE: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Ionel GARDAIS
ww.haproxy.org/ >Documentation: https://docs.haproxy.org/ >Wiki : https://github.com/haproxy/wiki/wiki >Discourse: https://discourse.haproxy.org/ >Slack channel: https://slack.haproxy.org/ >Issue tracker: https://github.com/haproxy/haproxy/is

Re: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Tim Düsterhus
Hi On 2/14/23 17:52, Tim Düsterhus wrote: Check with 'zless /usr/share/doc/haproxy/changelog.Debian.gz' to be sure, but this should be the correct version. The 2 after the hyphen indicates that this the "second version of 2.4.12" or in other words: 2.4.12 + just the security fix. The real 2.4.13

Re: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Tim Düsterhus
Marc, On 2/14/23 17:44, Marc Gebauer wrote: Listing... Done haproxy/bullseye-backports-2.4 2.4.21-2~bpo11+1 amd64 [upgradable from: 2.4.21-1~bpo11+1] is this the recommend package to use for Debian (because of the version-number 2.4.21 instead of 2.4.22) or need we to wait for repo to be syn

Re: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Willy Tarreau
Hello, On Tue, Feb 14, 2023 at 04:44:49PM +, Marc Gebauer wrote: > Hello together, > > we use > > /etc/apt/sources.list.d/haproxy.list > deb http://haproxy.debian.net bullseye-backports-2.4 main > > and apt list --upgradable shows: > > Listing... Done > haproxy/bullseye-backports-2.4 2.4.

RE: [ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Marc Gebauer
Documentation: https://docs.haproxy.org/ >Wiki : https://github.com/haproxy/wiki/wiki >Discourse: https://discourse.haproxy.org/ >Slack channel: https://slack.haproxy.org/ >Issue tracker: https://github.com/haproxy/haproxy/issues >

[ANNOUNCE] HAProxy Security Update (CVE-2023-25725)

2023-02-14 Thread Willy Tarreau
Hello, A team of security researchers notified me on Thursday evening that they had found a dirty bug in HAProxy's headers processing, and that, when properly exploited, this bug allows to build an HTTP content smuggling attack. HTTP content smuggling attacks consist in passing extra requests afte

[ANNOUNCE] haproxy-2.0.31

2023-02-14 Thread Willy Tarreau
ttps://github.com/haproxy/wiki/wiki Discourse: https://discourse.haproxy.org/ Slack channel: https://slack.haproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git reposito

[ANNOUNCE] haproxy-2.2.29

2023-02-14 Thread Willy Tarreau
aproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git/haproxy-20230214-cve-2023-25725.git/ Git Web browsing : https://git.haproxy.org/

[ANNOUNCE] haproxy-2.4.22

2023-02-14 Thread Willy Tarreau
aproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git/haproxy-20230214-cve-2023-25725.git/ Git Web browsing : https://git.haproxy.org/

[ANNOUNCE] haproxy-2.5.12

2023-02-14 Thread Willy Tarreau
aproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git/haproxy-20230214-cve-2023-25725.git/ Git Web browsing : https://git.haproxy.org/

[ANNOUNCE] haproxy-2.6.9

2023-02-14 Thread Willy Tarreau
: https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git/haproxy-20230214-cve-2023-25725.git/ Git Web browsing : https://git.haproxy.org/?p=haproxy-20230214-cve-2023-25725.git Changelog: https://www.haproxy.org/downlo

[ANNOUNCE] haproxy-2.7.3

2023-02-14 Thread Willy Tarreau
roxy/wiki/wiki Discourse: https://discourse.haproxy.org/ Slack channel: https://slack.haproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git

[ANNOUNCE] haproxy-2.8-dev4

2023-02-14 Thread Willy Tarreau
haproxy.org/ Slack channel: https://slack.haproxy.org/ Issue tracker: https://github.com/haproxy/haproxy/issues Sources : https://www.haproxy.org/download/20230214-cve-2023-25725/src/ Git repository : https://git.haproxy.org/git/haproxy.git/ Git Web browsing