On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote:
>
> > This just made my radar:
> > https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html.
> >
> > From the article:
> >
> > F5, in an independent advisory of its own, said the attack impacts the
> > NGINX HTTP/2 module and has urged its customers to update their NGINX
> > configuration to limit the number of concurrent streams to a default of
> > 128 and persist HTTP connections for up to 1000 requests.
>
> The "the attack impacts the NGINX HTTP/2 module" claim is
> incorrect, see here:
>
> https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
>
> Hope this helps.

Thanks Maxim.

The Nginx team may want to publish a blog post or knowledge article. I
got 0 hits when searching the site
<https://www.google.com/search?q="rapid+reset"+site:nginx.org>. It
will help admins and executives find the team's information.

Jeff
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx