mod_h2 v2.0.25

icing released this 19 Oct 10:48

· 31 commits to master since this release

Fixed a bug that prevented immediate memory release of reset streams
on rare occasions. Memory was reclaimed instead at connection close.
This could be exploited, unless nghttp2 v1.57.0 is used, in a variation
of the Rapid Reset attack. Apache httpd issued CVE-2023-45802 for this.
Synchronized with Apache httpd svn trunk

Assets 3

Provide feedback