Thanks for the heads up Gregor, we'll rebuild systemvmtemplates for 4.16/main
branch.
Regards.
From: Wei ZHOU
Sent: Friday, September 10, 2021 18:28
To: dev@cloudstack.apache.org
Subject: Re: CVE-2021-40346 (haproxy 2.x)
Hi Greg,
Thanks for the info.
Hi Greg,
Thanks for the info. It is good that our systemvm templates are not
impacted.
CloudStack 4.15.1 systemvm template uses haproxy 1.8.19. CloudStack 4.16
systemvm template uses haproxy 2.2.9, but it is not officially released yet.
-Wei
On Fri, 10 Sept 2021 at 14:22, Riepl, Gregor (SWISS T
Hi,
Are you aware of https://nvd.nist.gov/vuln/detail/CVE-2021-40346 ?
Haproxy 2.0 through 2.5 has a vulnerability that can be exploited to smuggle
requests to backend systems.
If the CloudStack VR is using one of these versions, it should be patched
everywhere ASAP.
Regards,
Greg
