[Pkg-nginx-maintainers] Bug#1138794: CVE-2026-49975: HTTP/2 Bomb: Remote DoS against most major web servers
Gregory Colpart
reg at evolix.fr
Thu Jun 4 01:39:15 BST 2026
Hello,
On Wed, Jun 03, 2026 at 10:58:26PM +0200, Benjamin Sonntag wrote:
> […] I guess adding max_headers + changing the nginx default conf to
> put a sensible value there would be a good idea. […]
My 2 cents: it does not seem necessary to change the default conf, because "max_headers 1000;"
should be the default value. Source: https://github.com/nginx/nginx/pull/1116/changes
--
Grégory Colpart - Manager, Evolix - OpenPGP key: 0x44975278B8612B5D
Evolix - Open Source Hosting and Managed Services
Marseille (37 rue Guibal, Pôle Média, 13003) / Paris / Montréal
https://evolix.com | mastodon.evolix.org/@evolix | blog.evolix.com