There was a CVE missing in the announcement yesterday and it is also covered in the 8.1.5 and 9.1.3 releases.
Description: ATS is vulnerable to smuggle attacks CVE (8.1.x and 9.1.x): CVE-2022-31779 Improper HTTP/2 scheme and method validation Reported By: Tony Regins (CVE-2022-31779) Vendor: The Apache Software Foundation Version Affected: ATS 8.0.0 to 8.1.4 ATS 9.0.0 to 9.1.2 Mitigation: 8.x users should upgrade to 8.1.5 or later versions 9.x users should upgrade to 9.1.3 or later versions References: Downloads: https://trafficserver.apache.org/downloads <https://trafficserver.apache.org/downloads> (Please use backup sites from the link only if the mirrors are unavailable) CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31779 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31779> -Bryan
