On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin <mdou...@mdounin.ru> wrote: > > On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > > > This just made my radar: > > <https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html>. > > > > From the article: > > > > F5, in an independent advisory of its own, said the attack impacts the > > NGINX HTTP/2 module and has urged its customers to update their NGINX > > configuration to limit the number of concurrent streams to a default of > > 128 and persist HTTP connections for up to 1000 requests. > > The "the attack impacts the NGINX HTTP/2 module" claim is > incorrect, see here: > > https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html > > Hope this helps.
Thanks Maxim. The Nginx team may want to publish a blog post or knowledge article. I got 0 hits when searching the site <https://www.google.com/search?q="rapid+reset"+site:nginx.org>. It will help admins and executives find the team's information. Jeff _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
