Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
H2O up to version 2.2.4 has a bug that would allow an remote attacker to trigger a heap buffer overflow while the server attempts to emit an access log line.
Users should update to 2.2.5 as soon as possible, or disable access logging.
We would like to thank Marlies Ruck, ForAllSecure for finding the issue.
The text was updated successfully, but these errors were encountered:
The v2.2.5 archive contains the old mruby-iijson dependency in contrast with the master branch.
Sorry, something went wrong.
@proyb6 This is a bug fix release. Change of the JSON implementation was not a result of a bug.
Successfully merging a pull request may close this issue.