Varnish 3.0.4 released

Tollef Fog Heen tfheen at varnish-software.com
Mon Jun 17 14:58:19 CEST 2013


It is my pleasure to announce the fourth maintenance release in the 3.0
series of Varnish Cache.  It includes a fix for a security related bug
and everybody is recommended to upgrade as soon as possible.

Some of the most important changes include:

* The ACL code had a bug which could lead to false negatives. This has
  been assigned CVE-2013-4090.

* Varnish will now return an error if the client sends multiple Host
  headers.

* If the backend sent invalid gzip while using ESI, Varnish would in some
  cases assert. It now works correctly.

* TCP_NODELAY is now enabled, which should lead to performance
  improvements in some cases.

A fuller list of changes is available in the changes document, available
at http://varnish-cache.org/trac/browser/doc/changes.rst

Installation instructions and sources are available from
https://www.varnish-cache.org/releases/varnish-cache-3.0.4

--
Tollef Fog Heen, on behalf of the Varnish team




More information about the varnish-announce mailing list