The Section Changelog

What's new on Section

Varnish 6.2.2 and 6.3.1 released (fixes VSV00004)

November 24, 2019
Update

We recently published Varnish modules for 6.3.1 and 6.2.2, which include a fix for Varnish VSV00004.

VSV00004 affects Varnish versions 5.0 and forward.

We recommend you upgrade your Varnish modules to versions 6.3.1 or 6.2.2 as soon as possible.

If you are unable to upgrade, Varnish provide a VCL mitigation for this vulnerability.

Impact of VSV00004

Successful exploitation of VSV00004 can, under specific circumstances, lead to information leaks about other connections handled by Varnish.

Information leaked can include Varnish data structures, stale header data from previous requests, and temporary headers set during processing of VCL.