http://www.securityweek.com/high-profile-vulnerabilities-affect-http2-report discussed various issues reported at Black Hat USA 2016. This is a placeholder to confirm that Go isn't vulnerable to: 1. Slow Read ([CVE-2016-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546)) 2. HPACK Bomb ([CVE-2016-1544](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1544), [CVE-2016-2525](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2525)) 3. Stream Reuse ([CVE-2016-0150](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0150)) 4. Dependency Cycle Attack ([CVE-2015-8659](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8659))