Affected 5.x versions of VSV00004 Workspace information leak

Erik Wasser ewasser at maxcluster.de
Wed Oct 23 09:37:18 UTC 2019


Hello list,

sometimes I'm confused about the supported versions of Varnish. This 
resulted in the post "LTS time frame for Varnish 6.0.X?" on 
https://varnish-cache.org/lists/pipermail/varnish-dist/2019-September/000173.html.

But now I'm confused about the "VSV00004 Workspace information leak" 
(https://varnish-cache.org/security/VSV00004.html) and the affected 
versions.

"VSV00004 Workspace information leak" writes:

 > Versions affected
 >
 >   5.0 and forward

So the version 5.0, 5.1 and 5.2 are affected by VSV00004, is that 
correct? The page http://varnish-cache.org/releases/index.html states 
that only versions 6.X are supported. So all varnish 5.X should update 
to 6.X?! Is that conclusion correct?

-- 
Greetings
Erik Wasser



More information about the varnish-misc mailing list