Posted to commits@trafficserver.apache.org by zw...@apache.org on 2014/07/24 00:23:02 UTC
svn commit: r1612961 - /trafficserver/site/trunk/content/index.html
Author: zwoop
Date: Wed Jul 23 22:23:02 2014
New Revision: 1612961
URL: http://svn.apache.org/r1612961
Log:
Updated home page with info pertaining to CVE-2014-3525
Modified:
trafficserver/site/trunk/content/index.html
Modified: trafficserver/site/trunk/content/index.html
URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/index.html?rev=1612961&r1=1612960&r2=1612961&view=diff
==============================================================================
--- trafficserver/site/trunk/content/index.html (original)
+++ trafficserver/site/trunk/content/index.html Wed Jul 23 22:23:02 2014
@@ -63,12 +63,10 @@
"http://ostatic.com/blog/guest-post-yahoos-cloud-team-open-sources-traffic-server">Traffic
Server overview</a>.</p>
<br>
- <P><b>Important security announcement</b>: All versions of Traffic Server prior to v3.0.4 and
- v3.1.3 have a vulnerability where a large Host: header can crash the server under
- certain conditions. Everyone is encouraged to upgrade as soon as possible. For more
- details, see <a href="https://www.cert.fi/en/reports/2012/vulnerability612884.html">CVE-2012-0256</a>.
- New releases addressing this issue are available on the <a href="downloads">Download page</a>.
- The latest release is v5.0.0.
+ <P><b>Important security announcement</b>: All versions of Traffic
+ Server have a vulnerability related to the synthetic health checks as
+ used by traffic_cop. We urge everyone to upgrade to the latest
+ releases, either v4.2.1.1 or v5.0.1. See CVE-2014-3525 for some details.
</div>
</div>
<div class="fourcol right last">
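Review bot: The added announcement cites CVE-2014-3525 as plain text and drops the link to the Download page, while the paragraph it replaces linked both the advisory and `downloads`. Wrap the CVE id in a link to its advisory and keep `<a href="downloads">Download page</a>` so readers can act on the upgrade advice from this paragraph. The phrase "All versions of Traffic Server have a vulnerability" also reads as covering v4.2.1.1 and v5.0.1 themselves; the "prior to" wording used in the removed text would state the affected range more clearly.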
@@ -261,6 +259,9 @@
<div class="twelvecol">
<div id="blurbbox">
<ul>
+ <li><b>July 23, 2014:</b>A security flaw in handling of healthchecks
+ was discovered, affecting all versions of ATS. We urge everyone to
+ upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for details.</li>
<li><b>June 17, 2014:</b>We are extremely pleased to announce the
release of our latest major release, v5.0.0! This has been a year
in the making, and includes a number of new features and bug fixes.</li>
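Review bot: The new July 23 list item writes "healthchecks" and "ATS" where the announcement paragraph added earlier in this same commit writes "synthetic health checks" and "Traffic Server"; use one spelling and one product name in both places so the two notices read as the same issue. The CVE-2014-3525 reference here is unlinked as well, so a reader of the news list has no pointer to the advisory or to the fixed releases.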