[ANNOUNCE] Apache Traffic Server is vulnerable to specific user inputs

2024-11-13 Thread Masakazu Kitajo
Description: Apache Traffic Server is vulnerable to specific user inputs. CVE: CVE-2024-38479 - Cache key plugin is vulnerable to cache poisoning attack; CVE-2024-50305 - Valid Host field value can cause crashes; CVE-2024-50306 - Server process can fail to drop privilege. Reported By: Bryan Call (CVE

[ANNOUNCE] Apache Traffic Server 10.0.2 and 9.2.6 are released

2024-11-13 Thread Chris McFarlen
Apache Traffic Server 10.0.2 and 9.2.6 are released The Apache Software Foundation and the Apache Traffic Server (ATS) Project are pleased to announce the release of Apache Traffic Server 10.0.2 and 9.2.6! ATS is a high performance, scalable HTTP Intermediary and proxy cache. It is used by se

Re: [VOTE] Release Apache Traffic Server 10.0.2 (RC0)

2024-11-13 Thread Brian Neradt
+1 This is running on our docs server now and has been since yesterday. It has been stable and I've noticed no functional issues. On Wed, Nov 13, 2024 at 10:16 AM Chris McFarlen wrote: > +1, built and tested on Ubuntu, unit tests pass. > > Chris > > Sent with Proton Mail secure email. > > On We

Re: [VOTE] Release Apache Traffic Server 10.0.2 (RC0)

2024-11-13 Thread Chris McFarlen
+1, built and tested on Ubuntu, unit tests pass. Chris Sent with Proton Mail secure email. On Wednesday, November 13th, 2024 at 10:11 AM, Evan Zelkowitz wrote: > +1 > > Built and ran tests on Rocky 8 > > On Tue, Nov 12, 2024 at 1:16 PM Chris McFarlen ch...@mcfarlen.us wrote: > > > I've pre

Re: [VOTE] Release Apache Traffic Server 10.0.2 (RC0)

2024-11-13 Thread Evan Zelkowitz
+1 Built and ran tests on Rocky 8 On Tue, Nov 12, 2024 at 1:16 PM Chris McFarlen wrote: > I've prepared a release for 10.0.2. The release notes are available at: > > https://github.com/apache/trafficserver/milestone/78?closed=1 > > https://docs.trafficserver.apache.org/en/latest/release-notes/u

Re: [VOTE] Release Apache Traffic Server 9.2.6 (RC0)

2024-11-13 Thread Jered Floyd
A few warnings if you are using these Fedora "official" and EPEL builds (I'm guessing not many, as per below): - RHEL 9.5 is currently releasing, which updates to OpenSSL 3.2.2. The existing 9.2.5 builds in EPEL *will not be able to contact TLS origin servers* due to https://github.com/apach