2023

News archive of the year 2023

Varnish HTTP/2 Rapid Reset Attack

2023-11-13

All Varnish Cache releases with HTTP/2 support suffer a vulnerability in the HTTP/2 protocol. Please see VSV00013 Varnish HTTP/2 Rapid Reset Attack for more information.

Security releases: 6.0.12, 7.3.1 and 7.4.2

2023-11-13

Varnish versions 6.0.12, 7.3.1 and 7.4.2 are now available. These releases are published to address the vulnerability described in VSV00013.

Varnish 7.4.1 is released

2023-09-20

Varnish 7.4.1 has been released and can be found here: Varnish Cache 7.4.1

This maintenance release fixes a bug preventing protected headers to be read from several subroutines.

Varnish 7.4.0 is released

2023-09-15

Our bi-annual “fresh” release is here: Varnish Cache 7.4.0

The 7.2 series is no longer supported in any capacity.

VSV00012: Vulnerability in vmod_digest

2023-08-17

Please see VSV00012 Base64 decoding vulnerability in vmod-digest

Varnish 7.3.0 is released

2023-03-15

Our bi-annual “fresh” release is here: Varnish Cache 7.3.0

The 7.1 series is no longer supported in any capacity.

Two new Storage Engines for Varnish-Cache

2023-02-06

Celebrating the 17th anniversary of Varnish-Cache today, your Open-Source Varnish-Cache friends from UPLEX have just released an extension with two new storage engines (stevedores) and two basic storage routers (loadmasters). One of the storage engines, fellow, offers persistent storage on disks (or SSDs, rather).

The preferred public repository with support for issues, merge-requests and other activities is at https://gitlab.com/uplex/varnish/slash

To read more:

• The SLASH/ Announcement

• The SLASH/ README

• The SLASH/ module documentation