Hacker News new | ask | show | jobs
by anshargal 978 days ago
So is nginx with http2 enabled vulnerable too? Caddy? I should I not worry about this, because a small (by Cloudflare scale) botnet may DDoS a single server completely anyway?
3 comments
mholt 977 days ago
Go is patching it soon: https://github.com/caddyserver/caddy/issues/5877#issuecommen...

(Caddy just uses Go's HTTP/2 implementation.)

link
bwesterb 977 days ago
Go patches are out. (1.21.3, 1.20.10)
link
otbutz 977 days ago
nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacti...

caddy: https://github.com/caddyserver/caddy/issues/5877

link
thresh 977 days ago
nginx: https://mailman.nginx.org/pipermail/nginx-devel/2023-October...
link