Text only | Text with Images

OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: jfqd on April 06, 2020, 12:11:42 PM

Title: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
Post by: jfqd on April 06, 2020, 12:11:42 PM
Is there a timeframe for an update of haproxy to fix CVE-2020-11100 [1]?

[1] https://www.haproxy.com/blog/haproxy-1-8-http-2-hpack-decoder-vulnerability-fixed/
Title: Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
Post by: franco on April 06, 2020, 12:26:24 PM
Yes, 20.1.4 with HAProxy 2.0.14 this week.

Too late, too soon?


Cheers,
Franco
Title: Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
Post by: jfqd on April 06, 2020, 12:35:31 PM
Thx Franco, perfect! :)
Title: Re: haproxy HTTP/2 HPACK Decoder Vulnerability CVE-2020-11100
Post by: franco on April 06, 2020, 01:44:50 PM
Whew, ok 8)

Currently we plan for a Wednesday release.


Cheers,
Franco
Text only | Text with Images