New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP/2 continuation flood (FYI) #6219
Comments
My understanding is this is already fixed in Go, you just need to build Caddy with the latest Go version. Nothing for us to do here. |
Is making a new release with prebuilt binaries that don't contain this bug an option? Currently I've installed Caddy through Caddy's Debian repos and I was hoping for there to be a solution that would just be |
The issue is also in caddy/modules/caddyhttp/http2listener.go Line 12 in 45132c5
The version imported is 0.22: Line 41 in 45132c5
and the security advisory includes this version as vulnerable. |
You should be able to build from master now to have the fix. |
Will there be a new release for this? Thanks for the quick response. |
https://nowotarski.info/http2-continuation-flood-technical-details/
The text was updated successfully, but these errors were encountered: