Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(patches): apply Nginx patch for detecting HTTP/2 stream reset attacks early (CVE-2023-44487) #11743

Merged
merged 1 commit into from
Oct 12, 2023
Merged

fix(patches): apply Nginx patch for detecting HTTP/2 stream reset attacks early (CVE-2023-44487) #11743

merged 1 commit into from
Oct 12, 2023

Conversation

windmgc
Copy link
Member

@windmgc windmgc commented Oct 12, 2023

fix(patches): apply Nginx patch for detecting HTTP/2 stream reset attacks early (CVE-2023-44487)

From nginx/nginx@6ceef19

Summary

Patch was acquired from here:
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html

It was slightly modified to apply cleanly on our nginx-1.21.4 (just small offset differences),

See: https://www.cve.org/CVERecord?id=CVE-2023-44487

SIR-435

Checklist

@windmgc @chronolaw @dndx
fix(patches): apply Nginx patch for detecting HTTP/2 stream reset att…
7429c92 
…acks early (CVE-2023-44487)

From nginx/nginx@6ceef19
---------

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
Co-authored-by: chronolaw <chrono_cpp@me.com>
Co-authored-by: Datong Sun <datong.sun@konghq.com>
@dndx dndx merged commit c54eddd into master Oct 12, 2023
26 checks passed
@dndx dndx deleted the cp-http2-ddos-fix branch October 12, 2023 04:31
@team-gateway-bot team-gateway-bot mentioned this pull request Oct 12, 2023
Merged
@dcarley
Copy link
Contributor

dcarley commented Oct 13, 2023

@windmgc Will this be backported to 3.3.x also?

@haili-shen
Copy link

Will this be backported to 2.8.x? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dndx dndx dndx approved these changes

@chobits chobits chobits approved these changes

@chronolaw chronolaw Awaiting requested review from chronolaw

@bungle bungle Awaiting requested review from bungle

@fffonion fffonion Awaiting requested review from fffonion

Assignees

@windmgc windmgc

Labels
build/bazel size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@windmgc @dcarley @haili-shen @chobits @dndx