[ol8_appstream] mod_http2-1.15.7-10.module+el8.10.0+90430+1ba508be.1.x86_64

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
top of libnghttp2 for httpd 2.4 servers.

Changelog (Show File list) (Show related packages)

• Tue Aug 27 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.1

  - Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431
    occurs using http/2 on RHEL8

• Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10

  - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
    DoS (CVE-2024-27316)

• Fri Feb 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-9.3

  - Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory
    (incomplete fix of CVE-2023-44487)(CVE-2023-45802)

• Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-8.3

  - Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
    with mod_rewrite and mod_proxy

• Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-7

  - Resolves: #2095650 - Dependency from mod_http2 on httpd broken

• Tue Nov 01 2022 Tomas Korbar <tkorbar@redhat.com> - 1.15.7-6

  - Backport SNI feature refactor
  - Resolves: rhbz#2137257

• Mon Jan 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-5

  - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
    or SSRF in forward proxy configurations

• Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-4

  - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd:
    Request splitting via HTTP/2 method injection and mod_proxy

• Fri Oct 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 1.15.7-3

  - Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
    mod_http2 concurrent pool usage

• Mon Aug 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 1.15.7-2

  - Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: 
    Push diary crash on specifically crafted HTTP/2 header