从这个网页截图中,我们可以获取到以下关于漏洞的关键信息: 1. 版本信息: - 该版本是haproxy的2.8.11版本。 - 该版本发布于2024年9月19日。 2. 漏洞修复: - BUG/MINOR: - quic: fix computed length of emitted STREAM frames - proxy: fix server_id_hdr_name leak on deinit() - proxy: fix log_tag leak on deinit() - proxy: fix check(command,path) leak on deinit() - proxy: fix dyncookie_key leak on deinit() - proxy: fix source interface and usersrc leaks on deinit() - proxy: fix header_unique_id leak on deinit() - management: add missed -DR and -dv options - management: rename show stats domain cli "dns" to "resolvers" - configuration: fix alphabetical order of bind options - scripts: git-show-backports: do not truncate git-show output - api/event hdl: small updates, fix an example and add some precisions - h3: fix crash on STOP_SENDING receive after GOAWAY emission - mux-quic: fix crash on qcs SD alloc failure - quic: fix BUG_ON() on Tx pkt alloc failure - hlua: report proper context upon error in hlua_cli_io_handler_fct() - activity: make the memory profiling hash size configurable at build time - h3: ensure the ":method" pseudo header is totally valid - h3: ensure the ":scheme" pseudo header is totally valid - quic: fix race-condition in quic_get_cid_tid() - quic: fix race-condition in qc_check_dcid() - quic: fix race-condition on trace for CID retrieval - quic: fix possible exit from qc_check_dcid() without unlocking - configuration: more details about the master-worker mode - ssl: initialize the SSL stack explicitly - jwt: don't try to load files with HMAC algorithm - jwt: fix variable initialisation - h1: Fail to parse empty transfer coding names - h1: Reject empty coding name as last transfer-encoding value - h1: Reject empty Transfer-encoding header - spo: Be sure to create a SPOE applet if none on the current thread - bwlim: Be sure to never set the analyze expiration date in past - session: Eval L4/L5 rules defined in the default section - debug/cli: fix "show threads" crashing with low thread counts - ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path - configuration: issuers-chain-path not compatible with OCSP - config: improve the http-keep-alive section - stick-table: fix crash for src_inc_gpc() without stkcounter - server: Don't warn fallback IP is used during init-addr resolution - cli: Atomically inc the global request counter between CLI commands - quic: Lack of precision when computing K (cubic only cc) - queue: add a function to check for TOCTOU after queueing - init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) - init: fix fd_hard_limit default in compute_ideal_maxconn - cli: Always release back endpoint between two commands on the mcli - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer ready - cli: Reject empty Transfer-encoding header - mcli: fix fd_hard_limit default in compute_ideal_maxconn - stream: Prevent mux upgrades if client connection is no longer read