A regression was discovered in the Http2UpgradeHandler class of Tomcat 9, introduced by the patch that fixed CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP/2 connections to close early.
https://security-tracker.debian.org/tracker/DSA-5522-3