- Fixes CVE-2025-53020 (https://www.cve.org/CVERecord?id=CVE-2025-53020)
where a client can increase memory consumption for a HTTP/2 connection
via repeated request header names,leading to denial of service. - Fixes CVE-2025-49630 (https://www.cve.org/CVERecord?id=CVE-2025-49630)
where in certain proxy configurations whith mod_proxy_http2 as the
backend, an assertion can be triggered by certain requests, leading
to denial of service.
icing/mod_h2
v2.0.33
mod_h2 v2.0.33
on GitHub
latest releases:
v2.0.35, v2.0.34
one month ago