a36286cf89
This addresses the same CVE as is patched in go1.19.6. From that announcement: > net/http: avoid quadratic complexity in HPACK decoding > > A maliciously crafted HTTP/2 stream could cause excessive CPU consumption > in the HPACK decoder, sufficient to cause a denial of service from a small > number of small requests. > > This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually > configuring HTTP/2. > > This is CVE-2022-41723 and Go issue https://go.dev/issue/57855. full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| client.go | ||
| dial.go | ||
| hybi.go | ||
| server.go | ||
| websocket.go | ||