[web-devel] Security update: update to warp 2.0.3.3

Michael Snoyman michael at snoyman.com
Thu Mar 6 05:22:45 UTC 2014


We received a security report yesterday of a regression in the Warp 2.0
series[1] related to Slowloris protection. Please see the issue for
details. The important information is:

* Versions prior to 2.0 are not affected.
* Updating to 2.0.3.3 solves the problem.

Yesod users: I've just released a new version of yesod-platform which
updates the warp dependency.

If there are any questions, please let me know.

[1] https://github.com/yesodweb/wai/issues/231
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/web-devel/attachments/20140306/d990cd89/attachment.html>


More information about the web-devel mailing list