Varnish 3.0.4 released

Tollef Fog Heen tfheen at
Mon Jun 17 14:58:19 CEST 2013

It is my pleasure to announce the fourth maintenance release in the 3.0
series of Varnish Cache.  It includes a fix for a security related bug
and everybody is recommended to upgrade as soon as possible.

Some of the most important changes include:

* The ACL code had a bug which could lead to false negatives. This has
  been assigned CVE-2013-4090.

* Varnish will now return an error if the client sends multiple Host

* If the backend sent invalid gzip while using ESI, Varnish would in some
  cases assert. It now works correctly.

* TCP_NODELAY is now enabled, which should lead to performance
  improvements in some cases.

A fuller list of changes is available in the changes document, available

Installation instructions and sources are available from

Tollef Fog Heen, on behalf of the Varnish team

More information about the varnish-announce mailing list