You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bu...@apache.org on 2014/07/24 00:23:10 UTC
svn commit: r917244 - in /websites/staging/trafficserver/trunk: cgi-bin/
content/ content/index.html
Author: buildbot
Date: Wed Jul 23 22:23:09 2014
New Revision: 917244
Log:
Staging update by buildbot for trafficserver
Modified:
websites/staging/trafficserver/trunk/cgi-bin/ (props changed)
websites/staging/trafficserver/trunk/content/ (props changed)
websites/staging/trafficserver/trunk/content/index.html
Propchange: websites/staging/trafficserver/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jul 23 22:23:09 2014
@@ -1 +1 @@
-1612324
+1612961
Propchange: websites/staging/trafficserver/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jul 23 22:23:09 2014
@@ -1 +1 @@
-1612324
+1612961
Modified: websites/staging/trafficserver/trunk/content/index.html
==============================================================================
--- websites/staging/trafficserver/trunk/content/index.html (original)
+++ websites/staging/trafficserver/trunk/content/index.html Wed Jul 23 22:23:09 2014
@@ -63,12 +63,10 @@
"http://ostatic.com/blog/guest-post-yahoos-cloud-team-open-sources-traffic-server">Traffic
Server overview</a>.</p>
<br>
- <P><b>Important security announcement</b>: All versions of Traffic Server prior to v3.0.4 and
- v3.1.3 have a vulnerability where a large Host: header can crash the server under
- certain conditions. Everyone is encouraged to upgrade as soon as possible. For more
- details, see <a href="https://www.cert.fi/en/reports/2012/vulnerability612884.html">CVE-2012-0256</a>.
- New releases addressing this issue are available on the <a href="downloads">Download page</a>.
- The latest release is v5.0.0.
+ <P><b>Important security announcement</b>: All versions of Traffic
+ Server have a vulnerability related to the synthetic health checks as
+ used by traffic_cop. We urge everyone to upgrade to the latest
+ releases, either v4.2.1.1 or v5.0.1. See CVE-2014-3525 for some details.
</div>
</div>
<div class="fourcol right last">
@@ -261,6 +259,9 @@
<div class="twelvecol">
<div id="blurbbox">
<ul>
+ <li><b>July 23, 2014:</b>A security flaw in handling of healthchecks
+ was discovered, affecting all versions of ATS. We urge everyone to
+ upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for details.</li>
<li><b>June 17, 2014:</b>We are extremely pleased to announce the
release of our latest major release, v5.0.0! This has been a year
in the making, and includes a number of new features and bug fixes.</li>