Closed neomantra closed 9 months ago
Noting this Nginx patch mentioned in the upstream issue #930:
Noting that 1.21.4.3 was released which fixes this.
I did the updates yesterday, but they're not all building clean. Hopefully all the packages get to their repos and I can release today.
One can build their an image like so:
docker build --build-arg RESTY_APK_VERSION="=1.21.4.3-r0" -f alpine-apk/Dockerfile .
This was mitigated in release 1.21.4.3-0
and on.. (just released 1.21.4.3-1
).
An HTTP2 zero-day vulnerability was recently released -- dubbed "HTTP/2 Rapid Reset":
NGINX has a mitigation posted -- I'm not sure what versions that works against:
These Docker images can move differently than upstream OpenResty. While I will definitely build against new upstream OpenResty images, we can also provide our own patches.
I don't have the bandwidth do this, but I am happy to review and advance any PRs.
Marking this for #Hacktoberfest