On 14/10/19 10:07 pm, Glyph wrote:
On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net <mailto:hawkowl@atleastfornow.net>> wrote:
Hello everyone, it's time for more Twisted!
//I/t's *always* time for more Twisted/
It contains:
- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. - HTTP/2 fixes regarding timeouts.
My understanding is that these are pretty much all resource-exhaustion attacks?
I believe so.
Thanks for keeping the release train moving, Amber!
Do we have any progress on a volunteer who will shadow this one / the next one?
This release is something I've snuck in work time. ;) I have thought on it a bit, and I'm planning on eliminating some (IMO needless) steps to make such an onboarding more viable, before I start that. I have also not had free time to organise getting someone to shadow it, which is irony :P But, now I'm not on the Keynote Trail, I'm hoping there's time for this.
Twisted prevails,
-g
yay twisted, - hawkie