Red Hat blog

What customers of Red Hat OpenShift hosted services should know about the April 2020 HAProxy HTTP/2 flaws

April 3, 2020Bill Montgomery

On April 2, 2020, details were made public about a security flaw that impacts systems running the HAProxy component when HTTP/2 support is enabled. Before the flaws were publicly disclosed, Red Hat worked to determine the impact to our customers for hosted services that use HAProxy - including OpenShift Dedicated, OpenShift Online, and Azure Red Hat OpenShift. We have verified that none of these managed services are using the vulnerable HAProxy configuration.

For more information on this vulnerability, see CVE-2020-11100 and Red Hat’s vulnerability article.

Questions about the vulnerability can be asked via Red Hat Support. For questions about how this vulnerability affects Azure Red Hat OpenShift, please contact Microsoft Support.

Red Hat OpenShift SRE Security Team

About the author

Bill Montgomery

Read full bio

Platform products

Try & buy

Featured cloud services

By category

By organization type

By customer

Services

Training & certification

Featured

Topics

Articles

More to explore

For customers

For partners

About us

Open source

Company details

Communities

Recommendations

Select a language

Select a language

What customers of Red Hat OpenShift hosted services should know about the April 2020 HAProxy HTTP/2 flaws

About the author

Bill Montgomery

4 use cases for AI in cyber security

Connect hybrid cloud Kubernetes with F5 multicloud networking and Red Hat OpenShift for optimized security footprints

Deploying SAS Viya on HPE GreenLake and Red Hat OpenShift

Products

Tools

Try, buy, & sell

Communicate

About Red Hat

Select a language

Red Hat legal and privacy links

Red Hat legal and privacy links