From 8bb4d5bfbd30255e8be6516bc741b5186d63841c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Fri, 5 Apr 2024 22:07:50 +0200 Subject: Cowboy 2.12 --- index.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'index.xml') diff --git a/index.xml b/index.xml index b8015803..4a9b987b 100644 --- a/index.xml +++ b/index.xml @@ -4056,6 +4056,18 @@ Compatibility Compatibility with Erlang/OTP R16, 17 and 18 has been dropped. Erl HTTP IANA Registries HTTP Method Registry HTTP Status Code Registry Message Headers HTTP Parameters HTTP Alt-Svc Parameter Registry HTTP Authentication Scheme Registry HTTP Cache Directive Registry HTTP Digest Algorithm Values HTTP Origin-Bound Authentication Device Identifier Types HTTP Upgrade Token Registry HTTP Warn Codes HTTP/2 Parameters WebSocket Protocol Registries Current CORS: Cross-Origin Resource Sharing CSP2: Content Security Policy Level 2 DNT: Tracking Preference Expression (DNT) eventsource: Server-Sent Events Form content types: Form content types Preload: Preload PROXY: The PROXY protocol REST: Fielding's Dissertation RFC 1945: HTTP/1. + + Cowboy 2.12 + https://ninenines.eu/articles/cowboy-2.12.0/ + Fri, 05 Apr 2024 07:00:00 +0100 + + https://ninenines.eu/articles/cowboy-2.12.0/ + Cowboy 2.12.0 has been released! +Cowboy 2.12 contains a fix for a security vulnerability in the HTTP/2 protocol implementation that has recently been made public: HTTP/2 CONTINUATION Flood. +Cowboy adds a new HTTP/2 option max_fragmented_header_block_size to control how much data is accepted in CONTINUATION frames before an error is triggered. +Cowboy 2.12 was produced and released a few weeks ago, as a result of advance knowledge of this vulnerability. If you already upgraded, you are safe! + + Cowboy 2.11 https://ninenines.eu/articles/cowboy-2.11.0/ -- cgit v1.2.3