Hello! On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote:
> Hi Everyone, > > This just made my radar: > <https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html>. > > From the article: > > F5, in an independent advisory of its own, said the attack impacts the > NGINX HTTP/2 module and has urged its customers to update their NGINX > configuration to limit the number of concurrent streams to a default of > 128 and persist HTTP connections for up to 1000 requests. The "the attack impacts the NGINX HTTP/2 module" claim is incorrect, see here: https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Hope this helps. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
