Varnish Cache 3.0.7

Release date:

23 March, 2015


Varnish is distributed as both source and binary packages. Please choose the appropriate version for your platform.

Summary of changes

  • Requests with multiple Content-Length headers will now fail.
  • Stop recognizing a single CR (r) as a HTTP line separator. This opened up a possible cache poisioning attack in stacked installations where sslterminator/varnish/backend had different CR handling.
  • Improved error detection on master-child process communication, leading to faster recovery (child restart) if communication loses sync.
  • Fix a corner-case where Content-Length was wrong for HTTP 1.0 clients, when using gzip and streaming. Bug 1627.
  • More robust handling of hop-by-hop headers.
  • [packaging] Coherent Redhat pidfile in init script. Bug #1690.
  • Avoid memory leak when adding bans.

All users are recommended to upgrade to Varnish 4.0, or this new 3.0.7 if you can't upgrade just yet.

Please note that ordinary support for Varnish Cache 3.0 ends in April 2015.

Add comment

Log in or register to post comments