[Bug 295842] www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 295842] www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Jun 2026 08:16:51 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295842

Bernard Spil <brnrd@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |brnrd@freebsd.org
         Resolution|---                         |FIXED
             Status|New                         |Closed

--- Comment #2 from Bernard Spil <brnrd@freebsd.org> ---
Thanks Dani!

People can also use www/mod_http2 as a mitigation, that's already at 2.0.42.
With the slew of LLM assisted security findings, it may be wise to pivot to the
separate module. Note you have to modify your LoadModule for this to work!

-- 
You are receiving this mail because:
You are the assignee for the bug.