Log Message:
nghttp2 nghttp2-tools: updated to 1.57.0

Nghttp2 v1.57.0

Security Advisory

CVE-2023-44487: HTTP/2 Rapid Reset

For more information, read the security advisory.

lib

This release has a fix to mitigate CVE-2023-44487: HTTP/2 Rapid Reset. It has \ 
reasonable amount of default budgets for incoming RST_STREAM frames. Application \ 
can tune the rate limit by using nghttp2_option_set_stream_reset_rate_limit. It \ 
can also implement its own rate limit by implementing \ 
nghttp2_on_frame_recv_callback and check RST_STREAM frame.

nghttpx

This release fixes the bug that --single-process does not work. It also fixes \ 
the bug that TLS connection is not rate limited.