- Fixed high‑severity HTTP/2 server crash (CVE‑2024‑27983) by addressing an assertion failure in Http2Session
- Patched medium‑severity HTTP request smuggling (CVE‑2024‑27982) by disabling OBS folding in headers
- Updated llhttp to 9.2.1 and undici to 5.28.4, and ensured streams are closed when destroying sessions
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.