HTTP/2 C library and tools

Nghttp2 v1.61.0

We have released nghttp2 v1.61.0.

This release includes security advisory.

Security Advisory

CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

For more information, read the security advisory.

For other changes, refer to v1.61.0 release notes.

Do not download the archive files generated by GitHub. They do not work. Please download the signed and versioned tar balls, such as nghttp2-1.61.0.tar.gz.