Tom,

On 9/27/24 10:49, Tom Colley wrote:
In releases prior to 10.1.25, can CVE-2024-34750 (https://nvd.nist.gov/vuln/detail/CVE-2024-34750) be mitigated by removing <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> (which I'm thinking would disable HTTP/2) from all of the connectors in server.xml?

Yes, disabling h2 will mitigate all h2-related vulnerabilities.

-chris
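
Added example, not part of the original thread and not Tomcat project code: a Python check that lists every connector in a server.xml still carrying the HTTP/2 `UpgradeProtocol` element discussed above, then removes those elements. The sample server.xml and the function names are constructed for illustration; ElementTree drops XML comments, so treat the rewritten output as a preview rather than a drop-in replacement file.

```python
import xml.etree.ElementTree as ET

H2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample server.xml (not taken from the thread).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def h2_connectors(root):
    """Return the port of each <Connector> that has an HTTP/2 UpgradeProtocol child."""
    ports = []
    for conn in root.iter("Connector"):
        if any(up.get("className") == H2_CLASS
               for up in conn.findall("UpgradeProtocol")):
            ports.append(conn.get("port"))
    return ports

def remove_h2(root):
    """Remove HTTP/2 UpgradeProtocol elements in place; return the number removed."""
    removed = 0
    # Snapshot the connector list so removal does not disturb the traversal.
    for conn in list(root.iter("Connector")):
        for up in conn.findall("UpgradeProtocol"):
            if up.get("className") == H2_CLASS:
                conn.remove(up)
                removed += 1
    return removed

def audit(xml_text):
    """Return (ports with h2 before, elements removed, ports with h2 after, new XML)."""
    root = ET.fromstring(xml_text)
    before = h2_connectors(root)
    removed = remove_h2(root)
    after = h2_connectors(root)
    return before, removed, after, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    before, removed, after, _ = audit(SAMPLE_SERVER_XML)
    print("h2 connectors before:", before, "removed:", removed, "after:", after)
```
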

