This bug was fixed in the package haproxy - 3.0.12-0ubuntu0.25.10.1
---------------
haproxy (3.0.12-0ubuntu0.25.10.1) questing; urgency=medium
* New upstream version (LP: #2127664)
- The API for the lua HTTPMessage "class" was improved to be able to
change the body length. It was mandatory to be able to write a lua
filter altering the message payload. HTTPMessage:set_body_len() can now
be used for this purpose
- Still in lua, The HTTP client is not supposed to be used to process
several requests but there was nothing to prevent this usage. An error
is now triggered in that case
- The "ssl_bc_sni" sample fetch function was backported. It can be useful
during debugging sessions to know what SNI was configured on a
connection going to a server, for example to match it against what the
server saw or to detect cases where a server would route on SNI instead
of Host.
- For further information, see the upstream release notes:
+ https://www.mail-archive.com/[email protected]/msg45931.html
+ https://www.mail-archive.com/[email protected]/msg46205.html
* d/p/CVE-2025-11230.patch: drop patch fixed upstream in 3.0.12
-- Athos Ribeiro <[email protected]> Mon, 01 Dec 2025 10:53:47 -0300
** Changed in: haproxy (Ubuntu Questing)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-11230
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127664
Title:
New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2127664/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
