Skip to content

Strict header validation, defend HTTP/2 rapid reset, range request fix

Compare
Choose a tag to compare
@litespeedtech litespeedtech released this 01 Jan 23:31
· 6 commits to v1_7 since this release
  • [Security] More strict header validations
  • [Security] Detect HTTP/2 repaid reset attack and disable HTTP/2 for attacking IP.
  • [Improve] Update libmodsecurity to 3.0.11
  • [Bug Fix] Fix a HTTP/3 integration issue that causes high CPU usage.
  • [Bug Fix] Rewrite rule configured in parent directory is disabled due to an empty .htaccess.
  • [Bug Fix] Address a compatibility issue with Ruby application using Rack 3.0+.
  • [Bug Fix] Address issue in serving a HTTP range request.
  • [Bug Fix] Address range request download error.
  • [Bug Fix] Address PHP possible dead lock error.