OT: Rapid Reset attacks on HTTP/2

Hi Everyone, This just made my radar: . From the article: F5, in an independent advisory of its own, said the attack impacts the NGINX HTTP/2 module and has urged its customers to update their NGINX configuration to l

Re: OT: Rapid Reset attacks on HTTP/2

Hi, from the article, these are the default values, so not too much to worry yet. Le mar. 10 oct. 2023 à 20:51, Jeffrey Walton a écrit : > Hi Everyone, > > This just made my radar: > . > > From the article: > > F5, in an ind

Re: OT: Rapid Reset attacks on HTTP/2

Hello! On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > Hi Everyone, > > This just made my radar: > . > > From the article: > > F5, in an independent advisory of its own, said the attack impacts the > N

Re: OT: Rapid Reset attacks on HTTP/2

On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin wrote: > > On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > > > This just made my radar: > > . > > > > From the article: > > > > F5, in an independent advisory of it

Re: OT: Rapid Reset attacks on HTTP/2

In the open version 1.24 and 1.25 the correction will be applied?, ¿or in the new release? Regards On Tue, Oct 10, 2023 at 3:46 PM Jeffrey Walton wrote: > On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin wrote: > > > > On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > > > > >

Re: OT: Rapid Reset attacks on HTTP/2

Hello! On Tue, Oct 10, 2023 at 05:30:52PM -0400, Rick Gutierrez wrote: > In the open version 1.24 and 1.25 the correction will be applied?, ¿or in > the new release? To re-iterate: We do not consider nginx to be affected by this issue. In the default configuration, nginx is sufficiently prote