In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Please bump to 6.6.2 and 7.0.2.
We're going to bump to 7.1.0 which is not vulnerable to this and is currently the supported version. I'm getting everything ready for a stablereq.
Thanks! Please stable when ready
(In reply to John Helmert III from comment #2)
> Thanks! Please stable when ready
Its ready, I'm opening the stabelreq now
(In reply to Anthony Basile from comment #3)
> (In reply to John Helmert III from comment #2)
> > Thanks! Please stable when ready
> Its ready, I'm opening the stabelreq now
Vulnerable versions are off the tree and 7.1.0 is all stable.
Thanks! Minimal impact so no GLSA, all done!