Posted to commits@trafficserver.apache.org by zw...@apache.org on 2014/07/24 00:23:02 UTC

svn commit: r1612961 - /trafficserver/site/trunk/content/index.html

Author: zwoop
Date: Wed Jul 23 22:23:02 2014
New Revision: 1612961

URL: http://svn.apache.org/r1612961
Log:
Updated home page with info pertaining to CVE-2014-3525

Modified:
    trafficserver/site/trunk/content/index.html

Modified: trafficserver/site/trunk/content/index.html
URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/index.html?rev=1612961&r1=1612960&r2=1612961&view=diff
==============================================================================
--- trafficserver/site/trunk/content/index.html (original)
+++ trafficserver/site/trunk/content/index.html Wed Jul 23 22:23:02 2014
@@ -63,12 +63,10 @@
           "http://ostatic.com/blog/guest-post-yahoos-cloud-team-open-sources-traffic-server">Traffic
           Server overview</a>.</p>
         <br>
-        <P><b>Important security announcement</b>: All versions of Traffic Server prior to v3.0.4 and
-            v3.1.3 have a vulnerability where a large Host: header can crash the server under
-            certain conditions. Everyone is encouraged to upgrade as soon as possible. For more
-            details, see <a href="https://www.cert.fi/en/reports/2012/vulnerability612884.html">CVE-2012-0256</a>.
-            New releases addressing this issue are available on the <a href="downloads">Download page</a>.
-						The latest release is v5.0.0.
+        <P><b>Important security announcement</b>: All versions of Traffic
+        Server have a vulnerability related to the synthetic health checks as
+        used by traffic_cop. We urge everyone to upgrade to the latest
+        releases, either v4.2.1.1 or v5.0.1. See CVE-2014-3525 for some details.
       </div> 
     </div>
     <div class="fourcol right last">
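Review bot: In the added announcement paragraph, "See CVE-2014-3525 for some details" is plain text and the pointer to the Download page is gone, whereas the removed text linked both its CVE and `<a href="downloads">Download page</a>`. A reader who lands on the home page has nothing to click to reach either the advisory or the fixed releases. I would wrap the CVE id in a link to the advisory and keep the Download page link next to "v4.2.1.1 or v5.0.1". Separately, "All versions of Traffic Server have a vulnerability" followed by the upgrade advice reads as if the named releases were affected too. The removed text used "prior to", and the same phrasing would work here if v4.2.1.1 and v5.0.1 are the first fixed releases, which the upgrade advice implies.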
@@ -261,6 +259,9 @@
     <div class="twelvecol">
       <div id="blurbbox">
         <ul>
+          <li><b>July 23, 2014:</b>A security flaw in handling of healthchecks
+          was discovered, affecting all versions of ATS. We urge everyone to
+          upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for details.</li>
           <li><b>June 17, 2014:</b>We are extremely pleased to announce the
           release of our latest major release, v5.0.0! This has been a year
           in the making, and includes a number of new features and bug fixes.</li>
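Review bot: The new July 23 news item says "healthchecks" and "ATS", while the banner added earlier in this same commit says "synthetic health checks as used by traffic_cop" and "Traffic Server". Using one spelling and one product name in both places makes the two notices read as the same issue and helps anyone searching the page. As in the banner, "See CVE-2014-3525 for details" has no link. Linking the CVE id and the download page here would let readers of the news list act on "upgrade to v4.2.1.1 or v5.0.1 immediately" without hunting for the releases.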