- Fix critical HTTP/2 server crash (CVE‑2024‑27983) and medium‑severity request smuggling (CVE‑2024‑27982)
- Update llhttp to 9.2.1 and undici to 5.28.4; disallow OBS folding in headers by default
- Ensure streams are closed when destroying an HTTP/2 session
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.