Update h2 #4551

irevoire · 2024-04-04T16:03:02Z

We're affected by the issue described here: https://seanmonstar.com/blog/hyper-http2-continuation-flood/

A malicious actor could slow down our requests by pushing a lot of tasks into tokio and making Meilisearch slower.
The fix already landed into h2. We simply need to update it

The text was updated successfully, but these errors were encountered:

4553: update h2 r=dureuill a=irevoire # Pull Request ## Related issue Fixes #4551 4554: Update version for the next release (v1.7.5) in Cargo.toml r=irevoire a=meili-bot ⚠️ This PR is automatically generated. Check the new version is the expected one and Cargo.lock has been updated before merging. Co-authored-by: Tamo <tamo@meilisearch.com> Co-authored-by: irevoire <irevoire@users.noreply.github.com>

4553: update h2 r=curquiza a=irevoire # Pull Request ## Related issue Fixes #4551 Co-authored-by: Tamo <tamo@meilisearch.com>

curquiza · 2024-04-05T16:28:47Z

Closed by #4553

irevoire added the CPU/RAM usage label Apr 4, 2024

irevoire added this to the v1.7.5 milestone Apr 4, 2024

irevoire mentioned this issue Apr 4, 2024

update h2 #4553

Merged

curquiza added the security Address a security vulnerability label Apr 4, 2024

meili-bors bot added a commit that referenced this issue Apr 4, 2024

Merge #4553

c2c73c1

4553: update h2 r=curquiza a=irevoire # Pull Request ## Related issue Fixes #4551 Co-authored-by: Tamo <tamo@meilisearch.com>

curquiza closed this as completed Apr 5, 2024

meili-bot added the v1.7.5 PRs/issues solved in v1.7.5 label Apr 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update h2 #4551

Update h2 #4551

irevoire commented Apr 4, 2024

curquiza commented Apr 5, 2024

Update h2 #4551

Update h2 #4551

Comments

irevoire commented Apr 4, 2024

curquiza commented Apr 5, 2024