Vinyl Cache (original) (raw)
What is happening¶
New Tips & Tricks article: Iocaine: What is and how to integrate with Vinyl Cache¶
2026-06-12
Iocaine had gained attention earlier in 2026 as defense option to cope with the AI crawler problem. We contextualize Iocaine from the perspective of Vinyl Cache, explain what it does and does not do, show how to integrate it with Vinyl Cache and reimplement Iocaine’s classifier in VCL: Iocaine: What is and how to integrate with Vinyl Cache.
New Tips & Tricks article: Signing Cookies¶
2026-06-04
Learn about how to ensure that an application will only receive cookies it has set itself by using cryptographic signatures: Signing Cookies with Vinyl Cache.
Security releases: 9.0.1, 8.0.2, 6.0.18¶
2026-04-11
Vinyl Cache version 9.0.1 and Varnish Cache versions8.0.2 and 6.0.18 are now available. These releases address the vulnerability described in VSV00019.
HTTP/2 parsing deficiency¶
2026-05-18
Please see VSV00019 Vinyl Cache / Varnish Cache HTTP/2 parsing deficiency.
New Tutorial: Configuring TLS with haproxy¶
2026-04-11
Learn how to support TLS client and backend connections in tandem with haproxy:Configuring TLS with haproxy
On Vinyl Cache and Varnish Cache¶
2026-04-08
Read what happened since we announced the rename to Vinyl Cache and how to tell apart Vinyl Cache and the new Varnish Cache project: On Vinyl Cache and Varnish Cache
Vinyl Cache 9.0.0 is released¶
2026-03-16
Our bi-annual “fresh” release is here: Vinyl Cache 9.0.0. This release addresses the vulnerability described in VSV00018.
The 7.7 series is no longer supported in any capacity.
Security releases: 8.0.1, 6.0.17¶
2026-03-16
Varnish version 8.0.1 and 6.0.17 are now available. These releases address the vulnerability described inVSV00018.
Absolute form parsing deficiency¶
2026-03-16
Please see VSV00018 Varnish Cache absolute form parsing deficiency.
Vinyl Cache has a new identity¶
2026-03-04
Read more about our new logo and wordmark: The Vinyl Cache Project has a New Identity
Vinyl Cache has left github: your action is required¶
2026-02-16
If you want to continue to interact with us, you need to take action.
Please read Vinyl Cache has left github for more.
Name-change in progress¶
2025-12-08
We are still the process changing the project name to Vinyl Cache, so dont be confused if you see Vinyl/Varnish being mixed up for a while. Varnish Software is going to continue to maintain a project called Varnish Cache.
Announcing VCOT: OpenTelemetry Instrumentation for Vinyl-Cache¶
2025-11-20
We’re happy to announce VCOT: OpenTelemetry Instrumentation for Vinyl-Cache.
New release: 8.0.0 with bonus project news¶
2025-09-15
We have a new major release today: 8.0.0, and some major project news for you.
20 years old and it is time to get serious(er)¶
2025-09-15
This coming february 22nd, The Varnish Cache Project will officially be 20 years old. And we will change the name of the project.
Read the full post: 20 years old and it is time to get serious(er)
New releases: 7.7.3, 7.6.5 and 6.0.16¶
2025-08-20
There are new releases available, 7.7.3, 7.6.5 and 6.0.16. These address a regression from the handling of VSV00017.
Varnish HTTP/2 Made You Reset Attack¶
2025-08-13
Please see VSV00017 Varnish HTTP/2 Made You Reset Attack
Security release 7.7.2¶
2025-08-13
Varnish version 7.7.2 is now available. This release addresses the vulnerability described inVSV00017.
Security release 7.6.4¶
2025-08-13
Varnish version 7.6.4 is now available. This release addresses the vulnerability described inVSV00017.
Security release 6.0.15¶
2025-08-13
Varnish version 6.0.15 is now available. This release addresses the vulnerability described inVSV00017.
Request Smuggling Attack¶
2025-05-12
Please see VSV00016 Request Smuggling Attack.
Security release 7.7.1¶
2025-05-12
Varnish versions 7.7.1 is now available. This release addresses the vulnerability described inVSV00016.
Security release 7.6.3¶
2025-05-12
Varnish versions 7.6.3 is now available. This release addresses the vulnerability described inVSV00016.
Security release 6.0.14¶
2025-05-12
Varnish versions 6.0.14 is now available. This release addresses the vulnerability described inVSV00016.
Varnish HTTP/1 client-side desync vulnerability¶
2025-03-17
Please see VSV00015 Varnish HTTP/1 client-side desync vulnerability.
Varnish 7.7.0 is released¶
2025-03-17
Our bi-annual “fresh” release is here: Varnish Cache 7.7.0
The 7.5 series is no longer supported in any capacity.
Security release 7.6.2¶
2025-03-17
Varnish versions 7.6.2 is now available. This release addresses the vulnerability described inVSV00015.