[MallocVoidstar]

Patched in 2.7.5: https://github.com/caddyserver/caddy/releases/tag/v2.7.5

I think it might also require a patched version of Go.

[jprd]

You could 'caddy upgrade' pretty quickly to get the patch (servers had updated go), though the release number bump didn't happen immediately.

Running the same now, or pulling a new binary, using xcaddy, etc. will get you 2.7.5 which also includes some other small fixes not related to rapid reset.

[kelthan]

There are new versions of Go which have this CVE patched already published and available for download.