Changelog for haproxy-2.4.22-3.el9_3.x86_64.rpm :

* Tue Jan 23 2024 Ryan O\'Hara - 2.4.22-3- Reject \"#\" as part of URI path component (CVE-2023-45539, RHEL-18169)
* Wed Jan 17 2024 Ryan O\'Hara - 2.4.22-2- Reject any empty content-length header value (CVE-2023-40225, RHEL-7736)
* Tue Jun 06 2023 Ryan O\'Hara - 2.4.22-1- Update to 2.4.22 (#2196530)
* Tue May 02 2023 Ryan O\'Hara - 2.4.17-7- Fix uninitizalized resevered bytes (CVE-2023-0836, #2180861)
* Mon Feb 27 2023 Ryan O\'Hara - 2.4.17-6- Reject empty http header field names (CVE-2023-25725, #2169510)
* Mon Feb 27 2023 Ryan O\'Hara - 2.4.17-5- Refuse interim responses with end-stream flag set (CVE-2023-0056, #2161140)
* Wed Nov 30 2022 Ryan O\'Hara - 2.4.17-4- Use systemd-sysusers for user/group creation (#2095422)
* Mon Jul 25 2022 Ryan O\'Hara - 2.4.17-3- Fix changelog and rebuild
* Wed Jun 08 2022 Ryan O\'Hara - 2.4.17-2- Add configuration directory and update systemd unit file (#2093482)
* Wed May 25 2022 Ryan O\'Hara - 2.4.17-1- Update to 2.4.17 #(2088532)- Fix unbound loop when Set-Cookie2 header is present (#2070448)