Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. The issues affect nginx compiled with the ngx_http_v3_module (not compiled by default) if the "quic" option of the "listen" directive is used in a configuration file. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html References: https://my.f5.com/manage/s/article/K000138444 https://my.f5.com/manage/s/article/K000138445 https://nginx.org/en/security_advisories.html The issue affects nginx 1.25.0 - 1.25.3. The issue is fixed in nginx 1.25.4.
Created nginx tracking bugs for this issue: Affects: epel-all [bug 2264293] Affects: fedora-all [bug 2264295] Created nginx:1.20/nginx tracking bugs for this issue: Affects: fedora-all [bug 2264296] Created nginx:mainline/nginx tracking bugs for this issue: Affects: epel-all [bug 2264294] Affects: fedora-all [bug 2264297]
Fedora doesn't ship HTTP/3 support (due to being on the 1.20 stream). EPEL doesn't have modules anymore. I'm trying to push an update to the F38 Modular repos but the Module Build Service is having its usual issues.
The module build system seems to be broken since December: https://release-engineering.github.io/mbs-ui/modules So the F38 Modular build of the updated version is not being built. I will ping the Fedora Infra folks to see if we can give this one last poke.