This bug was fixed in the package haproxy - 2.8.16-0ubuntu0.24.04.1
---------------
haproxy (2.8.16-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version (LP: #2127664)
- The API for the lua HTTPMessage "class" was improved to be able to
change the body length. It was mandatory to be able to write a lua
filter altering the message payload. HTTPMessage:set_body_len() can now
be used for this purpose
- Still in lua, The HTTP client is not supposed to be used to process
several requests but there was nothing to prevent this usage. An error
is now triggered in that case
- For further information, see the upstream release notes:
+ https://www.mail-archive.com/[email protected]/msg46201.html
* d/p/CVE-2025-11230.patch: drop patch fixed upstream in 2.8.16
-- Athos Ribeiro <[email protected]> Wed, 03 Dec 2025 12:12:24 -0300
** Changed in: haproxy (Ubuntu Noble)
Status: Fix Committed => Fix Released
** Changed in: haproxy (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127664
Title:
New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2127664/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
