Description:
ATS is vulnerable to various HTTP/1.x and HTTP/2 attacks
CVE:
CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning
CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters
CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash
Apache Traffic Server 9.0.2 and 8.1.2 are Released
The Apache Software Foundation and the Apache Traffic Server (ATS) Project are
pleased to announce the release of Apache Traffic Server 9.0.1 and 8.1.2! ATS
is a high performance, scalable HTTP Intermediary and proxy cache. It is used
by sever
Calling this vote with 2 +1’s and no -1’s. Files are up on the Apache download
mirrors. I will be updating our downloads page and sending out and
announcement shortly.
Thanks everyone for voting!
-Bryan
> On Jun 22, 2021, at 8:35 AM, Leif Hedstrom wrote:
>
> I've prepared a release for 9.
Calling this vote with 4 +1’s and no -1’s. Files are up on the Apache download
mirrors. I will be updating our downloads page and sending out and
announcement shortly.
Thanks everyone for voting!
-Bryan
> On Jun 23, 2021, at 11:22 AM, Evan Zelkowitz wrote:
>
> Ive prepared a release for 8
+1 On Tuesday, June 22, 2021, 08:35:16 AM PDT, Leif Hedstrom
wrote:
I've prepared a release for 9.0.2 (RC0), which is a bug fix release. For a
list of all PRs, see
https://github.com/apache/trafficserver/milestone/48?closed=1
or for a brief ChangeLog (also attached below):
+1 On Wednesday, June 23, 2021, 11:22:55 AM PDT, Evan Zelkowitz
wrote:
Ive prepared a release for 8.1.2 (RC0), which is a bug fix release. For a list
of all PRs, see
https://github.com/apache/trafficserver/milestone/47?closed=1
or for a brief ChangeLog (also attached below)
