Affected 5.x versions of VSV00004 Workspace information leak
Dridi Boukelmoune
dridi at varni.sh
Wed Oct 23 10:41:22 UTC 2019
On Wed, Oct 23, 2019 at 9:38 AM Erik Wasser <ewasser at maxcluster.de> wrote:
>
> Hello list,
>
> sometimes I'm confused about the supported versions of Varnish. This
> resulted in the post "LTS time frame for Varnish 6.0.X?" on
> https://varnish-cache.org/lists/pipermail/varnish-dist/2019-September/000173.html.
>
> But now I'm confused about the "VSV00004 Workspace information leak"
> (https://varnish-cache.org/security/VSV00004.html) and the affected
> versions.
>
> "VSV00004 Workspace information leak" writes:
>
> > Versions affected
> >
> > 5.0 and forward
>
> So the version 5.0, 5.1 and 5.2 are affected by VSV00004, is that
> correct? The page http://varnish-cache.org/releases/index.html states
> that only versions 6.X are supported. So all varnish 5.X should update
> to 6.X?! Is that conclusion correct?
Correct, and if you want some stability I recommend the 6.0 LTS branch
that will be maintained for a while, like the previous 4.1 LTS branch
that reached EOL in March 2019.
Dridi
More information about the varnish-misc
mailing list