wdormann commented on PR #10: URL: https://github.com/apache/httpd-site/pull/10#issuecomment-1759932314
You seem to have replied to a message that I had deleted, due to a failure in my test by way of not properly enabling the http2 protocol. Even with Apache 2.4.57, combined with the nghttp2 that comes with Ubuntu 22.04, `httpd` will eventually get killed by oom-kill when under attack using CVE-2023-44487. Only [nghttp2 v1.57.0](https://nghttp2.org/blog/2023/10/10/nghttp2-v1-57-0/] has a fix for CVE-2023-44487, so I don't think that Apache is in a place to say that it's not affected. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@httpd.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
