HAProxy 1.5 is available in Wily, and 1.4.24 is available in Trusty,
which should have this feature.
** Changed in: haproxy (Ubuntu)
Importance: Undecided => Low
** Changed in: haproxy (Ubuntu)
Status: Triaged => Fix Released
** Tags added: upgrade-software-version
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
High Availability Team, which is subscribed to haproxy in Ubuntu.
https://bugs.launchpad.net/bugs/1118160
Title:
Please support flags for Secure / HttpOnly Cookies
Status in haproxy package in Ubuntu:
Fix Released
Bug description:
HAProxy contains a weakness due to not supporting certain security-
related flags for cookies. By not supporting the 'Secure' or
'HttpOnly' cookies, applications behind the proxy become more
susceptible to cookie stealing attacks.
The solution is to upgrade to version 1.5-DEV11 or higher, as it has
been reported to fix this vulnerability. An upgrade is required as
there are no known workarounds.
More detail here: http://osvdb.org/82768
Please work on updating the Ubuntu packages to v1.5 asap.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1118160/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~ubuntu-ha
Post to : [email protected]
Unsubscribe : https://launchpad.net/~ubuntu-ha
More help : https://help.launchpad.net/ListHelp
