An industry-level HTTP/2 vulnerability related to HTTP/2 CONTINUATION frames being utilized for DoS attacks has just been published.
https://www.kb.cert.org/vuls/id/421644

Eclipse Jetty is Not Affected by this vulnerability.

The Eclipse Jetty team (and the original reporter of the vulnerability) has tested various recent releases of Eclipse Jetty to verify.

The following releases, using default configurations for HTTP/2, have been tested and do not have the problems identified in the vulnerability.

- Eclipse Jetty - 12.0.7 (current supported version)
- Eclipse Jetty - 11.0.20 (now at End of Community Support)
- Eclipse Jetty - 10.0.20 (now at End of Community Support)
- Eclipse Jetty - 9.4.54 (now at End of Community Support)

Joakim Erdfelt / [email protected]
_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
