What customers of Red Hat OpenShift hosted services should know about the April 2020 HAProxy HTTP/2 flaws
April 3, 2020 | by
On April 2, 2020, details were made public about a security flaw that impacts systems running the HAProxy component when HTTP/2 support is enabled. Before the flaws were publicly disclosed, Red Hat worked to determine the impact to our customers for hosted services that use HAProxy - including OpenShift Dedicated, OpenShift Online, and Azure Red Hat OpenShift. We have verified that none of these managed services are using the vulnerable HAProxy configuration.
When you build a Docker image, a series of layers get cached to speed up subsequent builds. However, this caching can have adverse effects if an image layer contains secrets, such as credentials. A ...