Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced, which is great. This implies that haproxy-1.8 *is* affected, but it also doesn't come right out and say that. I understand haproxy-1.8 is EOL, but do we know for certain that haproxy-1.8 is affected or not? Asking for a reason.
And shout-out to Nick for writing such a great article! Thank you, Nick! Ryan [1] https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
