On Oct 14, 2019, at 1:05 AM, Amber Brown (hawkowl) <hawkowl@atleastfornow.net> wrote:

Hello everyone, it's time for more Twisted!

It's always time for more Twisted

It contains:

- Security fixes for HTTP/2 -- CVE-2019-9512 (Ping Flood), CVE-2019-9514
(Reset Flood), and CVE-2019-9515 (Settings Flood).  Thanks to Jonathan
Looney and Piotr Sikora.
- HTTP/2 fixes regarding timeouts.

My understanding is that these are pretty much all resource-exhaustion attacks?

I believe so.

Thanks for keeping the release train moving, Amber!

Do we have any progress on a volunteer who will shadow this one / the next one?

This release is something I've snuck in work time. ;)

I have thought on it a bit, and I'm planning on eliminating some (IMO needless) steps to make such an onboarding more viable, before I start that. I have also not had free time to organise getting someone to shadow it, which is irony :P

But, now I'm not on the Keynote Trail, I'm hoping there's time for this.

Twisted prevails,

-g

yay twisted,

- hawkie