varnish / docker-varnish

Official docker image
https://hub.docker.com/_/varnish
82 stars 34 forks source link

Update versions to address VSV00008 vulnerability #46

Closed samford closed 2 years ago

samford commented 2 years ago

This updates to the 6.0.10, 6.6.2, and 7.0.2 versions of Varnish (released 2022-01-25), addressing the VSV00008 HTTP/1 Request Smuggling Vulnerability. More information here: https://varnish-cache.org/security/VSV00008.html

A couple other things to note:

gquintard commented 2 years ago

thank you @samford , merged! If you feel like it, you can also open a PR to https://github.com/docker-library/official-images and I'll back you up. Otherwise, I'll open it tonight.

In any case, thanks a bunch!