Description:
ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the
server to allocate a large amount of memory and spin the thread.
CVE:
CVE-2020-9494
Reported By:
Bryan Call
Vendor:
The Apache Software Foundation
Version Affected:
ATS 6.0.0 to 6.2.3
ATS 7.0.0 to 7.1.1
Apache Traffic Server 8.0.8 and 7.1.11 are Released
The Apache Software Foundation and the Apache Traffic Server (ATS) Project are
pleased to announce the release of Apache Traffic Server 8.0.8 and 7.1.11! ATS
is a high performance, scalable HTTP Intermediary and proxy cache. It is used
by sev
Hi,
We are still dealing with a particular kind of no-activity time out issue.
We are dealing with an Origin that will occasionally take 20 seconds to return
a HTTP 500 (annoying, right). We took a tcpdump and captured this occurring.
In the trace we can see the /GET and the ACK, and then a f
The vote passed with 3 +1 binding votes. I will be creating the final release
today and making announcements.
-Bryan
> On Jun 23, 2020, at 9:03 AM, Sudheer Vinukonda
> wrote:
>
> +1 as well - Built, ran unit, and regression tests on Mac.
>
>On Tuesday, June 23, 2020, 08:52:21 AM PDT, B
The vote passed with 3 +1 binding votes. I will be creating the final release
today and making announcements.
-Bryan
> On Jun 18, 2020, at 4:03 PM, Bryan Call wrote:
>
> I've prepared a release for 8.0.8. The release notes for 8.0.8 are available
> at:
>
>
> https://github.com/apac
+1 as well - Built, ran unit, and regression tests on Mac.
On Tuesday, June 23, 2020, 08:52:21 AM PDT, Bryan Call
wrote:
+1 - Built, ran unit, and regression tests on Fedora 32.
-Bryan
> On Jun 18, 2020, at 3:54 PM, Bryan Call wrote:
>
> I've prepared a release for 7.1.11. The re
+1 as well - Built, ran unit, and regression tests on Mac.
On Tuesday, June 23, 2020, 08:52:00 AM PDT, Bryan Call
wrote:
+1 - Built, ran unit, and regression tests on Fedora 32.
-Bryan
> On Jun 18, 2020, at 4:03 PM, Bryan Call wrote:
>
> I've prepared a release for 8.0.8. The rel
+1 - Built, ran unit, and regression tests on Fedora 32.
-Bryan
> On Jun 18, 2020, at 3:54 PM, Bryan Call wrote:
>
> I've prepared a release for 7.1.11. The release notes for 7.1.11 are
> available at:
>
>
> https://github.com/apache/trafficserver/pulls?utf8=✓&q=is%3Aclosed+is%3Apr+m
+1 - Built, ran unit, and regression tests on Fedora 32.
-Bryan
> On Jun 18, 2020, at 4:03 PM, Bryan Call wrote:
>
> I've prepared a release for 8.0.8. The release notes for 8.0.8 are available
> at:
>
>
> https://github.com/apache/trafficserver/pulls?utf8=✓&q=is%3Aclosed+is%3Apr+mil
