https://github.com/http-rs/async-h1/releases/tag/v2.3.0
Hi all, we've published async-h1
v2.3.0 which includes a patch for a critical security vulnerability affecting usage on proxied servers. We urge everyone using async-h1
or tide
to update using cargo update
as soon as possible.
We've published a security advisory covering the vulnerability in more detail. If you have any concerns and would like to reach out, the core team can be found on Zulip.