vvviren closed 1 year ago
The referenced vulnerability is specific to Lua 5.4 - it does not apply to Lua 5.3 from what I can tell.
(see https://security-tracker.debian.org/tracker/CVE-2022-28805, where the Debian Security Team has opted not to fix this due to it being a "minor issue")
Thank you for the update.
Currently, the haproxy image, including the latest version, builds with lua version 5.3.3.
Requesting the default haproxy image to be built with lua version >= 5.4.2 as default, as there are security vulnerabilities with older versions of lua.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-28805