209

Nginx gets forked by core developer (mailman.nginx.org)

submitted 1 year ago by poVoq@slrpnk.net to c/opensource@lemmy.ml

31 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[+] BaumGeist@lemmy.ml 20 points 1 year ago* (last edited 2 months ago)

[deleted]

[-] chameleon@kbin.social 7 points 1 year ago

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental

Do note that despite not being enabled by default, it is enabled in the official binary packages.

There's a funny amount of layers to this thing but as far as I'm concerned, if it's a feature you ship in the default binary packages on your site, that is definitively enough for a CVE even if it's disabled by default.

[-] lorty@lemmygrad.ml 5 points 1 year ago

Doesn't expose information
the service/thread just restarts
Is an experimental feature
that's not enabled by default

Yeah I can definitely see why the devs decided to just fix it on the next patch. Reporting a CVE for this feels very unnecessary.

[-] fernandofig@reddthat.com 4 points 1 year ago

Thank you for digging this out. Turns out it's even worse than what I gleaned from my surface-level take.

[-] NaoPb@eviltoast.org 3 points 1 year ago

Thanks for this. I get now why the devs are pissed.

this post was submitted on 15 Feb 2024

209 points (97.3% liked)

Open Source

39405 readers

118 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml