A flaw was found in haproxy before version 2.0.6. In legacy mode, messages
featuring a transfer-encoding header missing the "chunked" value were not
being correctly rejected. The impact was limited but if combined with
"http-reuse always", it could be used as a help to construct a content
smuggling attack against a vulnerable component employing a lenient parser
which would ignore the content-length header as soon as it sees a
transfer-encoding one, without even parsing it.
@maintainer(s), please advise if you are ready for stabilisation or call for stabilisation yourself.