2022¶
News archive of the year 2022¶
Request Forgery Vulnerability¶
2022-11-08
All supported versions of Varnish suffer from a request forgery vulnerability on HTTP/2 connections. Please see VSV00011 Varnish HTTP/2 Request Forgery Vulnerability for more information.
Request Smuggling Vulnerability¶
2022-11-08
Varnish Cache releases 7.1 and 7.2 suffer from a Request Smuggling vulnerability. Please see VSV00010 Varnish Request Smuggling Vulnerability for more information.
Security releases: 6.0.11, 7.2.1 and 7.1.2¶
2022-11-08
Varnish versions 6.0.11, 7.2.1 and 7.1.2 are now available. These releases are published to address the vulnerabilities described in VSV00010 and VSV00011.
Varnish 7.2.0 is released¶
2022-09-15
Our bi-annual “fresh” release is here: Varnish Cache 7.2.0
The 7.0 series is no longer supported in any capacity.
Denial of Service Vulnerability¶
2022-08-09
Varnish Cache releases 7.0 and 7.1 suffer from a Denial of Service vulnerability. Please see VSV00009 Varnish Denial of Service Vulnerability for more information.
Security releases: 7.1.1 and 7.0.3¶
2022-08-09
Varnish versions 7.1.1 and 7.0.3 are now available. These releases fix the vulnerability described in VSV00009.
Varnish 7.1.0 is released¶
2022-03-15
Our bi-annual “fresh” release is here: Varnish Cache 7.1.0
The 6.6 series is no longer supported in any capacity.
HTTP/1 Request Smuggling Vulnerability¶
2022-01-25
All supported versions of Varnish suffer from a request smuggling vulnerability on HTTP/1 connections. Please see VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability for more information.
Security releases: 6.0.10, 7.0.2 and 6.6.2¶
2022-01-25
Varnish versions 6.0.10, 7.0.2 and 6.6.2 are now available. These releases fix the vulnerability described in VSV00008.