Updated: mingw64-x86_64-/nghttp2 libnghttp2_14/-devel 1.57

Fri, 13 Oct 2023 15:29:55 -0700 

The following packages have been upgraded in the Cygwin distribution:

* nghttp2                       1.57
* libnghttp2_14                 1.57
* libnghttp2-devel              1.57
* mingw64-x86_64-nghttp2        1.57

HTTP/2 and its header compression algorithm HPACK implementation.
The framing layer of HTTP/2 is implemented as a reusable library.
Also included are an HTTP/2 client, server, proxy, load test and
benchmarking tool.

NOTE:
Support for previously deprecated Python bindings, modules, and
documentation was dropped some releases ago.

For more information see the project home page:

        https://nghttp2.org/

or the repo README:

        https://github.com/nghttp2/nghttp2#readme

See link or text below for recent changes; after installation for
complete details of changes read /usr/share/doc/nghttp2/ChangeLog.

        https://nghttp2.org/blog/


2023-10-10      1.57.0

Security Advisory       CVE-2023-44487  HTTP/2 Rapid Reset

For more information, read the security advisory:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg

lib

This release has a fix to mitigate CVE-2023-44487: HTTP/2 Rapid Reset.
It has reasonable amount of default budgets for incoming RST_STREAM frames.
Application can tune the rate limit by using
nghttp2_option_set_stream_reset_rate_limit.
It can also implement its own rate limit by implementing
nghttp2_on_frame_recv_callback and check RST_STREAM frame.

nghttpx

This release fixes the bug that --single-process does not work.
It also fixes the bug that TLS connection is not rate limited.


-- 
              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look at the 
"List-Unsubscribe: " tag in the email header of this message. It will be in the 
format:

List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-announce>, 
<mailto:[email protected]?subject=unsubscribe>

The easiest unsubscribe method is to visit the web page associated with the 
mailing list as seen above, and click Unsubscribe.

Alteratively, you can send email to the list server using the address given in 
the mailto: above.

If you need more information on unsubscribing, start reading here:

https://sourceware.org/lists.html#unsubscribe

Please read *all* of the information on unsubscribing that is available 
starting at this URL.

Reply via email to