Fixing request smuggling vulnerabilities in Pingora OSS deployments

Cloudflare disclosed multiple HTTP/1.x request smuggling/desynchronization vulnerabilities in the open-source Pingora ingress proxy (three CVEs) that could allow bypassing proxy-layer controls, cross-user hijacking, and cache poisoning; fixes and RFC-stricter hardening were released in Pingora 0.8.0, Cloudflare’s CDN was not affected, and standalone Pingora deployments exposed to the Internet are urged to upgrade.