Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lib: nghttp2: backport upstream security fix #9052

Merged
merged 1 commit into from
Jul 5, 2024
Merged

lib: nghttp2: backport upstream security fix #9052

merged 1 commit into from
Jul 5, 2024

Conversation

edsiper
Copy link
Member

@edsiper edsiper commented Jul 5, 2024

Before v3.1 release, we wanted to upgrade to Nghttp2 version 1.62, however, we found some build issues on Windows and the issue has been reported. In the meanwhile upstream fixes the build process, this PR backports a security fix that was available in recent versions:

00201ecd [PATCH] Limit CONTINUATION frames following an incoming HEADER frame

GHSA-x6x3-gv8h-m57q

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@edsiper
lib: nghttp2: backport upstream security fix
b538019 
This is the security fix reported in github:

00201ecd [PATCH] Limit CONTINUATION frames following an incoming HEADER frame

GHSA-x6x3-gv8h-m57q

Signed-off-by: Eduardo Silva <eduardo@calyptia.com>
@edsiper edsiper added this to the Fluent Bit v3.1.0 milestone Jul 5, 2024
@edsiper edsiper merged commit f041691 into master Jul 5, 2024
42 of 43 checks passed
@edsiper edsiper deleted the nghttp2-patches branch July 5, 2024 19:56
@BrewTestBot BrewTestBot mentioned this pull request Jul 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich leonardo-albertovich is a code owner

@fujimotos fujimotos Awaiting requested review from fujimotos fujimotos is a code owner

@koleini koleini Awaiting requested review from koleini koleini is a code owner

Assignees
No one assigned
Labels
docs-required
Projects
None yet
Milestone
Fluent Bit v3.1.0
Development

Successfully merging this pull request may close these issues.
1 participant
@edsiper