The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2.
Security Fix(es):
nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.(CVE-2026-58055)
{
"severity": "Medium"
}{
"noarch": [
"nghttp2-help-1.58.0-4.oe2403sp3.noarch.rpm"
],
"src": [
"nghttp2-1.58.0-4.oe2403sp3.src.rpm"
],
"aarch64": [
"libnghttp2-1.58.0-4.oe2403sp3.aarch64.rpm",
"libnghttp2-devel-1.58.0-4.oe2403sp3.aarch64.rpm",
"nghttp2-1.58.0-4.oe2403sp3.aarch64.rpm",
"nghttp2-debuginfo-1.58.0-4.oe2403sp3.aarch64.rpm",
"nghttp2-debugsource-1.58.0-4.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"libnghttp2-1.58.0-4.oe2403sp3.x86_64.rpm",
"libnghttp2-devel-1.58.0-4.oe2403sp3.x86_64.rpm",
"nghttp2-1.58.0-4.oe2403sp3.x86_64.rpm",
"nghttp2-debuginfo-1.58.0-4.oe2403sp3.x86_64.rpm",
"nghttp2-debugsource-1.58.0-4.oe2403sp3.x86_64.rpm"
]
}