Post Syndicated from daroc original https://lwn.net/Articles/968600/

On April 3 security researcher Bartek Nowotarski

published the details of a new denial-of-service (DoS)
attack, called a “continuation flood”, against many
HTTP/2-capable web
servers. While the attack is not terribly complex, it affects many independent
implementations of the HTTP/2 protocol, even though multiple
similar vulnerabilities over the years have given implementers plenty of warning.