GitHub user pjfanning added a comment to the discussion: HTTP2 Server Preview
https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/ This is not the only DDOS exploit being attempted on HTTP2 servers. We are not working full time patching Pekko-Http. To be honest, HTTP 1.1 has many flaws too so I'm not saying that stick with that either. The key thing is that we might regard Pekko-HTTP HTTP2 support as usable but it is super important to not expose it to the public internet without using a HTTP proxy or load balancer. GitHub link: https://github.com/apache/pekko-http/discussions/756#discussioncomment-14362155 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
