Thanks for the heads up Gregor, we'll rebuild systemvmtemplates for 4.16/main branch.
Regards. ________________________________ From: Wei ZHOU <ustcweiz...@gmail.com> Sent: Friday, September 10, 2021 18:28 To: dev@cloudstack.apache.org <dev@cloudstack.apache.org> Subject: Re: CVE-2021-40346 (haproxy 2.x) Hi Greg, Thanks for the info. It is good that our systemvm templates are not impacted. CloudStack 4.15.1 systemvm template uses haproxy 1.8.19. CloudStack 4.16 systemvm template uses haproxy 2.2.9, but it is not officially released yet. -Wei On Fri, 10 Sept 2021 at 14:22, Riepl, Gregor (SWISS TXT) < gregor.ri...@swisstxt.ch> wrote: > Hi, > > Are you aware of https://nvd.nist.gov/vuln/detail/CVE-2021-40346 ? > Haproxy 2.0 through 2.5 has a vulnerability that can be exploited to > smuggle requests to backend systems. > > If the CloudStack VR is using one of these versions, it should be patched > everywhere ASAP. > > Regards, > Greg >
