Async-h1 v2.3.0 security release (please upgrade)

yoshuawuyts · December 18, 2020, 1:51pm

https://github.com/http-rs/async-h1/releases/tag/v2.3.0

Hi all, we've published async-h1 v2.3.0 which includes a patch for a critical security vulnerability affecting usage on proxied servers. We urge everyone using async-h1 or tide to update using cargo update as soon as possible.

We've published a security advisory covering the vulnerability in more detail. If you have any concerns and would like to reach out, the core team can be found on Zulip.

system · March 18, 2021, 1:51pm

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Surf 2.2.0 has been released! announcements	2	470	June 1, 2021
New post: Async HTTP announcements	1	471	May 25, 2020
Announcing async-std v1.5.0	1	456	May 3, 2020
Tide v0.16.0 has been released! announcements	1	490	April 29, 2021
Trust-DNS 0.18 (async/await + Tokio 0.2 support) announcements	1	1112	March 21, 2020

Async-h1 v2.3.0 security release (please upgrade)

Related Topics