-
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
69 changed files
with
721 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
+++ | ||
date = "2024-04-05T07:00:00+01:00" | ||
title = "Cowboy 2.12" | ||
+++ | ||
|
||
Cowboy `2.12.0` has been released! | ||
|
||
Cowboy 2.12 contains a fix for a security vulnerability | ||
in the HTTP/2 protocol implementation that has recently | ||
been made public: | ||
https://nowotarski.info/http2-continuation-flood/[HTTP/2 CONTINUATION Flood]. | ||
|
||
Cowboy adds a new HTTP/2 option `max_fragmented_header_block_size` | ||
to control how much data is accepted in CONTINUATION | ||
frames before an error is triggered. | ||
|
||
Cowboy 2.12 was produced and released a few weeks ago, | ||
as a result of advance knowledge of this vulnerability. | ||
If you already upgraded, you are safe! If not, please | ||
upgrade as soon as possible. | ||
|
||
Both Cowboy and Cowlib must be upgraded. Cowlib 2.13 | ||
has been produced for this fix. This is a minor release | ||
and not a patch release only because of the newly added | ||
option. | ||
|
||
Cowboy 2.12 requires Erlang/OTP 24.0 or greater. | ||
It is tested and supported on Linux, macOS and Windows. | ||
|
||
A complete | ||
list of changes can be found in the migration guide: | ||
https://ninenines.eu/docs/en/cowboy/2.12/guide/migrating_from_2.11/[Migrating from Cowboy 2.11 to 2.12]. | ||
|
||
You can donate to this project via | ||
https://github.com/sponsors/essen[GitHub Sponsors]. | ||
|
||
As usual, feedback is appreciated, and issues or | ||
questions should be sent via Github tickets or | ||
discussions. Thanks! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.