tfheen at varnish-software
Jun 17, 2013, 5:58 AM
Post #1 of 1
(100 views)
Permalink
|
It is my pleasure to announce the fourth maintenance release in the 3.0
series of Varnish Cache. It includes a fix for a security related bug
and everybody is recommended to upgrade as soon as possible.
Some of the most important changes include:
* The ACL code had a bug which could lead to false negatives. This has
been assigned CVE-2013-4090.
* Varnish will now return an error if the client sends multiple Host
headers.
* If the backend sent invalid gzip while using ESI, Varnish would in some
cases assert. It now works correctly.
* TCP_NODELAY is now enabled, which should lead to performance
improvements in some cases.
A fuller list of changes is available in the changes document, available
at http://varnish-cache.org/trac/browser/doc/changes.rst
Installation instructions and sources are available from
https://www.varnish-cache.org/releases/varnish-cache-3.0.4
--
Tollef Fog Heen, on behalf of the Varnish team
_______________________________________________
varnish-announce mailing list
varnish-announce [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-announce
|
