sydlexius, posted October 11, 2023 (edited)

FYI, there's a flaw in the specification for HTTP/2 that is actively being exploited (specifically, DoS attacks). MS has released updates that mitigate implementations such as .NET (Kestrel), though note that I believe the current mitigation disables HTTP/2. The long-term fix will be some sort of rate-limiter: https://www.cve.org/CVERecord?id=CVE-2023-44487

Details of the fix and the two new AppContext properties can be found here: https://github.com/dotnet/announcements/issues/277

Edited October 11, 2023 by sydlexius (fixed mistake, added details about new options)

sydlexius (author), posted October 11, 2023

For those of you using Nginx for reverse proxying, it had been implemented in such a way as to prevent this sort of attack.

rbjtech, posted October 12, 2023

Can you add a 'security' tag onto the topic pls - I'm not sure how emby are tagging security related requests/posts, but I've seen the security tag being used before ...