[CLSA-2026:1781273350] alt-nodejs16-nodejs: Fix of CVE-2023-44487
Type:
security
Severity:
Important
Release date:
2026-06-12 14:10:48 UTC
Description:
- CVE-2023-44487: HTTP/2 Rapid Reset. Backport the nghttp2 RST_STREAM rate-limit mitigation (token bucket, burst=1000, rate=33/s) to the bundled deps/nghttp2 1.47.0. Once the per-connection budget is exhausted, a GOAWAY is sent, tearing down peers that rapidly open and cancel HTTP/2 streams. This is a minimal cherry-pick of upstream nghttp2 commit 72b4af6143 (shipped in 1.57.0), not a wholesale version bump.
CVEs fixed:
Updated packages:
  • alt-nodejs16-nodejs-16.20.2-22.el8.x86_64.rpm
    sha:c76dd8a68f4ccd60a8e92b8d0d926ab56d3269b86b4f862c44af503190e0c730
  • alt-nodejs16-nodejs-devel-16.20.2-22.el8.x86_64.rpm
    sha:96f729dac6d3a9921ad8c17b639cfda8c249d5574cb40ed8c08a79c65af1eaa9
  • alt-nodejs16-nodejs-docs-16.20.2-22.el8.noarch.rpm
    sha:2652082993b06d4392f0fcd7e7fe54507086b0346a0f0c5845bda8a7b3bf81f4
  • alt-nodejs16-npm-8.19.4-16.20.2.22.el8.x86_64.rpm
    sha:ccaa23bd32a08a299ea44de32ec484e4a9e3d882a7c90aac80e74115de9825bd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.
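
The token-bucket budget named in the description (burst=1000, rate=33/s), modelled as an added example to show which peers it tears down. This is not code from nghttp2, Node.js or CloudLinux; the names `rst_budget`, `budget_on_rst_stream` and `simulate`, the one-second time resolution and the traffic patterns are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model, not nghttp2 code. Constants are the advisory's values. */
#define RST_BURST 1000u /* bucket capacity: resets allowed back to back */
#define RST_RATE 33u    /* tokens regained per second */

struct rst_budget {
  uint64_t tokens; /* RST_STREAM frames the peer may still send */
  uint64_t last;   /* time of the last refill, in whole seconds */
};

/* Account for one RST_STREAM received at time `now` (seconds).
   Returns 0 while within budget, -1 when the caller should send GOAWAY. */
static int budget_on_rst_stream(struct rst_budget *b, uint64_t now) {
  if (now > b->last) {
    uint64_t elapsed = now - b->last;
    /* Clamp before multiplying so a long idle period cannot overflow. */
    uint64_t gain = elapsed > RST_BURST ? RST_BURST : elapsed * RST_RATE;
    b->tokens = b->tokens + gain > RST_BURST ? RST_BURST : b->tokens + gain;
    b->last = now;
  }
  if (b->tokens == 0) return -1;
  b->tokens--;
  return 0;
}

/* Constructed traffic: the peer resets `per_sec` streams in each of
   `seconds` seconds. Returns how many resets were accepted before the
   budget ran out, or the total sent if it never did. */
static uint64_t simulate(uint64_t per_sec, uint64_t seconds) {
  struct rst_budget b = {RST_BURST, 0}; /* a new connection starts full */
  uint64_t accepted = 0;
  for (uint64_t t = 0; t < seconds; t++)
    for (uint64_t i = 0; i < per_sec; i++) {
      if (budget_on_rst_stream(&b, t) != 0) return accepted;
      accepted++;
    }
  return accepted;
}

int main(void) {
  printf("30 resets/s for 60 s: %llu accepted, no GOAWAY\n",
         (unsigned long long)simulate(30, 60));
  printf("5000 resets/s: GOAWAY after %llu resets\n",
         (unsigned long long)simulate(5000, 60));
  return 0;
}
```

A peer that cancels streams at or below the refill rate never exhausts the budget, while a sustained rate above 33/s only delays the GOAWAY until the initial 1000-token burst plus the accumulated refill is spent.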