The latest Varnish LTS release is 6.0.8. The new version includes the following changes:
- Fix an issue where a backend fetch can stall after a client has disconnected. (3556)
- Fix an issue in directors.shard() where calling reconfigure() on an empty director breaks subsequent shard directors. Also changed an internal canon_point calculation. (3593)
- Address and fix various issues with H2 work priorities. (2796, 3536, 3537)
- Fix a panic situation in ban_mark_completed() when using bans. (2556)
- Fix an issue where an early backend error can trigger a valid zero length response. (3560)
- Fix a panic situation when cooling a backend in VBE_Poll() and Lck_Delete(). (3587)
- Complete source code migration to python3.
- Fix an issue where varnishd will sleep for 1s when attempting to shutdown. (3569)
- Fix a panic situation in vbf_stp_condfetch(). (3558)
- Fix a panic situation in EXP_Insert(). (2999)
- Fix a panic situation in VRB_Free() which can be triggered when using std.cache_req_body(). (3433)
- Fix a panic situation in http1_minimal_response(). (3415)
- Fix an issue where a closed connection gets recycled for reuse. (3400)
- Fix an issue where directors.round_robin() can sometimes be empty when a single backend is sick. (3474)
- Fix an issue where the wrong Content-Length is used when doing gunzip on delivery. (3535)
- Fix an issue where resp.reason can race when used in vcl_synth. (3546)
- Fix an issue where the return(error) status and reason are kept when doing a backend retry. (3525)
- Fix an HTTP/2.0 request smuggling vulnerability. (VSV00007)
This task tracks the packaging and deployment work required to upgrade to 6.0.8.