Announcing:
LiteSpeed Web ADC v2.5.1
In this release: Addressed recent HTTP/2 DoS advisories, bug fixes, and more!
RELEASE LOG:
[Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"".
[New Feature] Updated HTTP/3 support to Internet Draft 22.
[Improvement] reCAPTCHA engine has been improved to reduce false positives.
[Bug Fix] Fixed a regression that affected the handling of HEAD requests.
https://www.litespeedtech.com/products/litespeed-web-adc/release-log
Cheers!
LiteSpeed Web ADC v2.5.1
In this release: Addressed recent HTTP/2 DoS advisories, bug fixes, and more!
RELEASE LOG:
[Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"".
[New Feature] Updated HTTP/3 support to Internet Draft 22.
[Improvement] reCAPTCHA engine has been improved to reduce false positives.
[Bug Fix] Fixed a regression that affected the handling of HEAD requests.
https://www.litespeedtech.com/products/litespeed-web-adc/release-log
Cheers!