Skip to content

3.4.4

Latest
Latest

Choose a tag to compare

View all tags
@trowski trowski released this 08 Feb 18:32
v3.4.4
This tag was signed with the committer’s verified signature.
trowski Aaron Piotrowski
GPG key ID: 5B456E6AABA44A63
Verified
Learn about vigilant mode.
8dc32cc
This commit was signed with the committer’s verified signature.
trowski Aaron Piotrowski
GPG key ID: 5B456E6AABA44A63
Verified
Learn about vigilant mode.

What's Changed

Fixed "MadeYouReset" HTTP/2 DoS attack vector described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506.

Stream reset protection has been refactored to account for the number of reset streams within a sliding time window. Note that your application must expose HTTP/2 connections directly to be affected by this vulnerability. Servers behind a proxy using HTTP/1.x such as nginx are not affected.

Full Changelog: v3.4.3...v3.4.4

Assets 2
Loading