Security archive

August 17, 2023: Base64 decoding vulnerability in vmod-digest Security
November 8, 2022: Varnish HTTP/2 Request Forgery Security
November 8, 2022: Open Source Varnish Request Smuggling Security
August 9, 2022: Open Source Varnish Cache Denial of Service Security
January 25, 2022: Varnish HTTP/1 Request Smuggling Security
December 13, 2021: Varnish Administration Console Log4j2 CVE-2021-44228 and CVE-2021-45046 Security
July 13, 2021: Varnish HTTP/2 Request Smuggling Security
March 16, 2021: Varnish Cache 6.5 / Varnish Modules 0.17.0 Denial of Service Security
February 4, 2020: Varnish HTTP Proxy Protocol V2 Denial of Service Security
October 21, 2019: Varnish HTTP Workspace information leak vulnerability Security
September 3, 2019: Varnish HTTP Cache DoS vulnerability Security
November 15, 2017: Varnish Cache data leak when using file stevedore with synthetic objects Security
August 2, 2017: Varnish HTTP Cache DoS vulnerability Security

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart

News
Varnish Enterprise 6.0.12r8
Varnish Helm Chart 1.3.0
A note on how Varnish handles an HTTP/2 CONTINUATION flood
Varnish Enterprise 6.0.12r7
Varnish Controller 6.0.2
News archive