On 2023-10-24 14:09, Frank Gingras wrote: [snip]
Keep in mind that nghttp2 is a build requirement for HTTP/2, which was outlined in the threads pertaining to CVE 2033-44487. Testing with that tool should be fine.
Good point, thanks. I had missed it. In the Ubuntu world (nearly all of my servers) <https://ubuntu.com/security/CVE-2023-44487> starts with the statement that "The nginx developers do not consider nginx to be affected by this issue" and seeing that I systematically use nginx as a front end, I didn't read further -- my bad. Thanks Frank.
Paul --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
