h2 bomb
Poul-Henning Kamp
phk at phk.freebsd.dk
Thu Jun 4 08:18:26 UTC 2026
Found it:
https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
I think the way we manage workspace and HTTP headers is safe against
this.
Have not checked vtest2
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the vinyl-dev
mailing list