Saw the above and thought it was interesting; flaws in HTTP2 enabling these attack vectors. It made me wonder if Caddy has any protections against this sort of thing?
1 Like
Looks like golang released 1.21.3 which includes this fix, at least for net/http.
1 Like
See here:
We’ll cut a release shortly with the fix.
1 Like
Thanks for the hard work all, it’s appreciated.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.