mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-05 14:09:53 +03:00
bc0f65857e
Fixes CVE-2023-39325: rapid stream resets can cause excessive work A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded to the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>