Affected 5.x versions of VSV00004 Workspace information leak
dridi at varni.sh
Wed Oct 23 10:41:22 UTC 2019
On Wed, Oct 23, 2019 at 9:38 AM Erik Wasser <ewasser at maxcluster.de> wrote:
> Hello list,
> sometimes I'm confused about the supported versions of Varnish. This
> resulted in the post "LTS time frame for Varnish 6.0.X?" on
> But now I'm confused about the "VSV00004 Workspace information leak"
> (https://varnish-cache.org/security/VSV00004.html) and the affected
> "VSV00004 Workspace information leak" writes:
> > Versions affected
> > 5.0 and forward
> So the version 5.0, 5.1 and 5.2 are affected by VSV00004, is that
> correct? The page http://varnish-cache.org/releases/index.html states
> that only versions 6.X are supported. So all varnish 5.X should update
> to 6.X?! Is that conclusion correct?
Correct, and if you want some stability I recommend the 6.0 LTS branch
that will be maintained for a while, like the previous 4.1 LTS branch
that reached EOL in March 2019.
More information about the varnish-misc