Varnish HTTP Cache

I’m new here, please explain this Varnish thing

Questions and Answers

What is happening

2017-11-15 - Security Advisory: (Unlikely) data leak

Certain uncommon configurations of Varnish may leak data in synthetic responses from vcl_backend_error{}

Please see VSV00002 Data leak - ‘-sfile’ Stevedore transient objects

We have released Varnish Varnish Cache 4.1.9 and Varnish Cache 5.2.1 to fix this issue.

2017-09-15 - Varnish 5.2.0 is released

Come and get it... Varnish Cache 5.2.0

2017-08-02 - Security Advisory: Denial of Service

All varnish versions from 4.0.1 are vulnerable to a Denial of Service attack, please see VSV00001 DoS vulnerability

2017-08-02 - Security releases: 4.0.5, 4.1.8 and 5.1.3

Varnish versions 4.0.5, 4.1.8 and 5.1.3 are now available. See VSV00001 DoS vulnerability for details.

Package repository status

The official Linux (apt/yum) package repositories are now located at A list of all available repositories can be found at:

The old is going to be removed on the 31st of August.

For more details on packages, see Releases & Downloads


You can access the varnish-cache homepages with HTTP or HTTPS as you like.

We save the logfiles from our Varnish instance for a limited period, in order to be able to debug problems.

The old homepage ran Google Analytics, and we have continued that here for now, but unless we actually learn something useful from the data they collect, it will be discontinued.