Yes, you need to upgrade to 2.4.58, and make sure your system has nghttp2 .57 installed.
On Thu, Oct 19, 2023 at 7:31 PM Brian Southern <briansouther...@gmail.com> wrote: > Has anyone been able to definitively determine if Apache HTTP 2.4.53 is > vulnerable to CVE-2023-44487? I've found forums where users and apparent > sysadmins indicate it may be, however the only reference to this CVE I've > been able to locate on Apache.org is as a comment made within another CVE > vulnerability fix report. > > thank you. >
