Comment on Announcing freenginx.org
Corngood@lemmy.ml 9 months agofreenginx.org/pipermail/nginx/…/000007.html
The most recent “security advisory” was released despite the fact that the particular bug in the experimental HTTP/3 code is expected to be fixed as a normal bug as per the existing security policy, and all the developers, including me, agree on this.
And, while the particular action isn’t exactly very bad, the approach in general is quite problematic.
I read something about this the other day, but I’m having trouble wrapping my head around it.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2… my.f5.com/manage/s/article/K000138444 …nginx.org/…/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.htm…
This seems to have the best discussion I’ve found:
mcherm@lemmy.world 9 months ago
Thank you.