HTTP/2 support was added to haproxy in version 1.8, therefore OpenShift Container Platform (OCP) 3.7 and earlier are unaffected by this flaw, see . OCP 3.11 added a configuration option to ose-haproxy-router that made enabling HTTP/2 support easy, . Prior to that, in versions OCP 3.9 and 3.10, an administrator had to customize the haproxy router configuration to add HTTP/2 support, . OCP 3.9, and 3.10 are rated as moderate because HTTP/2 support was not a standard configuration option, and therefore unlikely to be enabled.
Versions of haproxy included in Kylin Enterprise Linux 6 and 7, excluding rh-haproxy18-haproxy in Kylin Software Collections, are unaffected as they package versions of haproxy before 1.7.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.