[CLSA-2026:1781267225] alt-nodejs16-nodejs: Fix of CVE-2023-44487
Type:
security
Severity:
Important
Release date:
2026-06-12 12:28:40 UTC
Description:
- CVE-2023-44487: HTTP/2 Rapid Reset. Backports the nghttp2 RST_STREAM rate-limit mitigation (token bucket, burst=1000, rate=33/s) to the bundled deps/nghttp2 1.47.0. Once the per-connection budget is exhausted, a GOAWAY is sent, tearing down peers that rapidly open and cancel HTTP/2 streams. This is a minimal cherry-pick of upstream nghttp2 commit 72b4af6143 (shipped in 1.57.0), not a wholesale version bump.
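The token bucket named in the description, modelled as an added example (not code from nghttp2, Node.js or CloudLinux): only burst=1000 and rate=33/s come from the advisory, while the function names, the one-second refill granularity and the constructed per-second traffic are assumptions. It shows in which second a peer resetting streams at a fixed rate would exhaust its per-connection budget and receive GOAWAY.

```c
/* Added example: model of a per-connection RST_STREAM token bucket.
 * All names are hypothetical; burst=1000 and rate=33/s come from the advisory. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
  uint64_t burst, rate; /* capacity, and tokens regained per second */
  uint64_t val, tstamp; /* tokens left, and second of the last refill */
} rst_bucket;

/* Refill for the seconds elapsed since the last update, capped at burst. */
static void rst_bucket_update(rst_bucket *b, uint64_t now) {
  uint64_t elapsed, room = b->burst - b->val;
  if (now <= b->tstamp || b->rate == 0) return;
  elapsed = now - b->tstamp;
  b->tstamp = now;
  if (elapsed > room / b->rate) b->val = b->burst; /* also avoids overflow */
  else b->val += elapsed * b->rate;
}

/* Take one token per received RST_STREAM; -1 means the budget is spent. */
static int rst_bucket_drain(rst_bucket *b) {
  if (b->val == 0) return -1;
  b->val--;
  return 0;
}

/* Constructed traffic: a peer resets per_sec streams every second.
 * Returns the second in which GOAWAY would be sent, or 0 if it never is. */
static uint64_t goaway_second(uint64_t per_sec, uint64_t secs, uint64_t *accepted) {
  rst_bucket b = {1000, 33, 1000, 0};
  *accepted = 0;
  for (uint64_t t = 1; t <= secs; t++) {
    rst_bucket_update(&b, t);
    for (uint64_t i = 0; i < per_sec; i++) {
      if (rst_bucket_drain(&b) != 0) return t; /* tear the connection down */
      (*accepted)++;
    }
  }
  return 0;
}

int main(void) {
  uint64_t rates[] = {30, 100, 5000}, n;
  for (int i = 0; i < 3; i++) {
    uint64_t t = goaway_second(rates[i], 3600, &n);
    printf("%" PRIu64 " resets/s: GOAWAY at second %" PRIu64
           " after %" PRIu64 " resets\n", rates[i], t, n);
  }
  return 0;
}
```

In this model a peer below the refill rate is never disconnected, while a sustained rate above 33/s only delays the GOAWAY until the initial burst of 1000 is used up.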
CVEs fixed:
Updated packages:
  • alt-nodejs16-nodejs-16.20.2-22.el7.x86_64.rpm
    sha:3e8988332a0a25f9125ff67232044a407a7c6aa335f2b52ce0f8dced6205b631
  • alt-nodejs16-nodejs-devel-16.20.2-22.el7.x86_64.rpm
    sha:26f918978e62d9aa13ea84dcc3e8c94e400071ad5c482aca346075fa0cc0af8c
  • alt-nodejs16-nodejs-docs-16.20.2-22.el7.noarch.rpm
    sha:2d7f56a0eb530ea84514f5a9fd1951fdf53a280372467e1f14124f0af6124b65
  • alt-nodejs16-npm-8.19.4-16.20.2.22.el7.x86_64.rpm
    sha:e5dd47f5cee40bf96c30162f59a4ea3b85aee45f8b89c4f06a1350c24606ba57
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.