Y
Hacker News
new
|
ask
|
show
|
jobs
by
nelse
799 days ago
I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable:
https://github.com/caddyserver/caddy/issues/6219#issuecommen...
.
1 comments
thegeekpirate
799 days ago
Looks like it's been fixed if you recompile from master as of a few minutes ago
link