Upstream update available: nghttp2 1.66.0 → 1.69.0 #2

New issue

Open

opened 2026-05-20 03:23:28 +03:00 by sbelikov · 0 comments

sbelikov commented 2026-05-20 03:23:28 +03:00

Owner

Copy link

Upstream update available: nghttp2 1.66.0 → 1.69.0

Package

• Package: nghttp2
• RPM name: nghttp2
• Branch: niceos-5.2
• Current EVR: 1.66.0-1
• Update class: minor
• Compare method: python_rpm
• Update policy: leaf
• Risk tags: github-upstream, network-facing

Upstream

• Upstream type: github
• Upstream project: nghttp2/nghttp2
• Upstream URL: github.com — nghttp2
• Detected version: 1.69.0
• Tag/release: v1.69.0
• Source: github_release_latest
• Published: 2026-04-19T09:19:07Z
• Release URL: github.com — v1.69.0
• Source URL: api.github.com — v1.69.0
• Pre-release: False

Signals

• Security-relevant keywords detected: False
• Policy blocked: False
• Policy reason: -
• Labels: ai-summary, bot, needs-build, needs-triage, priority/medium, update/minor, upstream-update, upstream/github

NiceSOFT AI preliminary stability analysis

Here's a summary of the key details from the provided sources regarding the nghttp2 1.69.0 release:

---

Key Features & Changes

1. Compatibility Improvements

   • HTTP Field Errors: Some errors related to HTTP fields are now treated as stream errors under the "glitch counter" to ensure compatibility with older systems.
   • Third-Party Bump: The library was updated to support llhttp v9.3.1, enhancing compatibility with other tools.

2. New Features

   • Encrypted Client Hello (ECH): Added support for encrypted Client Hello in the nghttpx tool.
   • --h3 Option: Introduced for h2load, allowing users to enable HTTP/3 (h3) via a short-hand flag.

3. Bug Fixes

   • Addressed issues in the HTTP/2 protocol handling, particularly for stream errors and field parsing.

---

Security & Stability

• No Known Vulnerabilities: The release does not include any public security advisories or vulnerabilities.
• Compatibility Notes: The changes aim to improve interoperability but may require testing in existing systems.

---

Relevance for Users

• Developers: The updates are critical for ensuring compatibility with tools like nghttpx and h2load.
• System Administrators: Testing is recommended to verify how the changes affect existing workflows.

---

Important Notes

• The release notes from the nghttp2.org blog (April 19, 2026) are the most authoritative source.
• The GitHub compare page lists detailed changes, but the official blog provides clearer context on compatibility and features.

---

Actionable Advice

1. Update Dependencies: Ensure nghttpx and h2load are updated to version 1.69.0.
2. Test Compatibility: Verify that the changes do not break existing applications, especially those relying on legacy HTTP/2 handling.
3. Monitor for Issues: Keep an eye on community feedback or release notes for potential edge cases.

---

Conclusion: The 1.69.0 release introduces minor compatibility improvements and new features (e.g., ECH support), but no security risks are reported. Developers should test thoroughly to ensure smooth integration.

Источники, найденные web_search

1. GitHub release API: nghttp2/nghttp2 v1.69.0
2. GitHub tag page: nghttp2/nghttp2 v1.69.0
3. GitHub releases page: nghttp2/nghttp2
4. GitHub compare page: nghttp2/nghttp2 v1.66.0...v1.69.0
5. John Lewis & Partners | Never Knowingly Undersold
6. Nghttp2 v1.69.0 - nghttp2.org
7. John Lewis & Partners | Department Store
8. Vidéos porno et films de sexe gratuits - Porno, XXX, Porn Tube | Pornhub
9. Porno gratuit recommandé: vidéos de sexe hardcore | Pornhub

Upstream release notes / description

What's Changed

• src: Simplify format_hex and format_upper_hex by @tatsuhiro-t in github.com — 2545
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in github.com — 2546
• hpack: Optimize huffman decoding a bit by @tatsuhiro-t in github.com — 2548
• Port ngtcp2_map changes by @tatsuhiro-t in github.com — 2549
• Remove unused macros and enums by @tatsuhiro-t in github.com — 2550
• src: Rewrite defer by @tatsuhiro-t in github.com — 2552
• src: Remove empty parameter list from lambda by @tatsuhiro-t in github.com — 2553
• src: Remove noexcept from ~Defer by @tatsuhiro-t in github.com — 2554
• src: Adopt EVP_PKEY_get0_EC_KEY by @tatsuhiro-t in github.com — 2555
• nghttpx: Avoid separate allocation for QUIC tx buffer by @tatsuhiro-t in github.com — 2556
• src: Workaround performance regression since OpenSSL 3.0 by @tatsuhiro-t in github.com — 2557
• integration: Cope with os.ErrProcessDone by @tatsuhiro-t in github.com — 2560
• build(deps): bump github.com/quic-go/quic-go from 0.55.0 to 0.56.0 by @dependabot[bot] in github.com — 2559
• src: Simplify DList::remove by @tatsuhiro-t in github.com — 2561
• src: Remove the duplicated test by @tatsuhiro-t in github.com — 2562
• lib/CMakeLists.txt: Fix NGHTTP2_CONFIG_INSTALL_DIR path by @trukna in github.com — 2551
• GHA: Cancel stale job by @tatsuhiro-t in github.com — 2563
• nghttpx: Ensure resetting downstream h2 stream by @tatsuhiro-t in github.com — 2564
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in github.com — 2566
• Gha ubuntu arm by @tatsuhiro-t in github.com — 2567
• src: Generate lowcase_tbl by @tatsuhiro-t in github.com — 2568
• examples: Remove redundant cast in lowcase by @tatsuhiro-t in github.com — 2569
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in github.com — 2570
• build(deps): bump github.com/quic-go/quic-go from 0.56.0 to 0.57.0 by @dependabot[bot] in github.com — 2571
• Bump ngtcp2 and its dependencies by @tatsuhiro-t in github.com — 2574
• build(deps): bump github.com/quic-go/quic-go from 0.57.0 to 0.57.1 by @dependabot[bot] in github.com — 2575
• Fix union usage in nghttp2_data_provider_wrap by @tatsuhiro-t in github.com — 2576
• Remove union from WorkerID by @tatsuhiro-t in github.com — 2577
• Cancel sending RST_STREAM if stream is not found by @tatsuhiro-t in github.com — 2578
• nghttpx: Remove stream_closed_ from Http2DownstreamConnection by @tatsuhiro-t in github.com — 2579
• Remove extraneous semicolon by @tatsuhiro-t in github.com — 2580
• src: Rewrite Address with std::variant by @tatsuhiro-t in github.com — 2581
• build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in github.com — 2587
• build(deps): bump actions/cache from 4 to 5 by @dependabot[bot] in github.com — 2588
• build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 by @dependabot[bot] in github.com — 2589
• build(deps): bump github.com/quic-go/quic-go from 0.57.1 to 0.58.0 by @dependabot[bot] in github.com — 2591
• Rewrite Dockerfile with heredoc syntax by @tatsuhiro-t in github.com — 2592
• src: Avoid strict aliasing violation by @tatsuhiro-t in github.com — 2593
• Introduce nghttp2_strlen_lit by @tatsuhiro-t in github.com — 2594
• build(deps): bump github.com/quic-go/quic-go from 0.58.0 to 0.59.0 by @dependabot[bot] in github.com — 2595
• Increase default glitch rate limit to 10x by @tatsuhiro-t in github.com — 2599
• build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in github.com — 2596
• GHA: Fix main branch in cancel-in-progress by @tatsuhiro-t in github.com — 2600
• Remove glitch detection for ignored DATA frame by @tatsuhiro-t in github.com — 2598
• Bump ngtcp2 and its dependencies by @tatsuhiro-t in github.com — 2601
• Revert "src: Avoid strict aliasing violation" by @tatsuhiro-t in github.com — 2602
• build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in github.com — 2605
• Check nghttp2_is_fatal first by @tatsuhiro-t in github.com — 2607
• altsvc: Avoid pointer arithmetic against NULL by @tatsuhiro-t in github.com — 2608
• Ensure typedefs use named structs and unions by @cbarrick in github.com — 2609
• Revert "Ensure typedefs use named structs and unions" by @tatsuhiro-t in github.com — 2610
• build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in github.com — 2611
• build(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 by @dependabot[bot] in github.com — 2612
• h2load: Fix bug that h2load does not

...[truncated 8069 chars]

NiceOS maintainer checklist

• Confirm that the detected version is a stable upstream release.
• Check upstream changelog for security fixes, ABI/API changes and build-system changes.
• Check ABI/API compatibility and reverse dependencies.
• Download source into NiceOS lookaside storage.
• Update Version and related fields in SPECS/*.spec only if policy allows it.
• Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
• Build SRPM/RPM in a clean NiceOS buildroot.
• Run package smoke tests.
• Link PR/build logs and close this issue after update or triage.

Bot metadata

• Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
• Generated at: 2026-06-19T00:17:33Z

<!-- niceos-upstream-monitor:fingerprint=upstream-update:nghttp2:1.69.0 --> <!-- niceos-upstream-monitor:package=nghttp2 --> <!-- niceos-upstream-monitor:current=1.66.0 --> <!-- niceos-upstream-monitor:latest=1.69.0 --> # Upstream update available: `nghttp2` `1.66.0` → `1.69.0` ## Package - Package: `nghttp2` - RPM name: `nghttp2` - Branch: `niceos-5.2` - Current EVR: `1.66.0-1` - Update class: `minor` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream, network-facing` ## Upstream - Upstream type: `github` - Upstream project: `nghttp2/nghttp2` - Upstream URL: <a href="https://github.com/nghttp2/nghttp2" target="_blank" rel="noopener noreferrer">github.com — nghttp2</a> - Detected version: `1.69.0` - Tag/release: `v1.69.0` - Source: `github_release_latest` - Published: `2026-04-19T09:19:07Z` - Release URL: <a href="https://github.com/nghttp2/nghttp2/releases/tag/v1.69.0" target="_blank" rel="noopener noreferrer">github.com — v1.69.0</a> - Source URL: <a href="https://api.github.com/repos/nghttp2/nghttp2/tarball/v1.69.0" target="_blank" rel="noopener noreferrer">api.github.com — v1.69.0</a> - Pre-release: `False` ## Signals - Security-relevant keywords detected: `False` - Policy blocked: `False` - Policy reason: `-` - Labels: `ai-summary, bot, needs-build, needs-triage, priority/medium, update/minor, upstream-update, upstream/github` ## NiceSOFT AI preliminary stability analysis Here's a summary of the key details from the provided sources regarding the **nghttp2 1.69.0 release**: --- ### **Key Features & Changes** 1. **Compatibility Improvements** - **HTTP Field Errors**: Some errors related to HTTP fields are now treated as stream errors under the "glitch counter" to ensure compatibility with older systems. - **Third-Party Bump**: The library was updated to support **llhttp v9.3.1**, enhancing compatibility with other tools. 2. **New Features** - **Encrypted Client Hello (ECH)**: Added support for encrypted Client Hello in the `nghttpx` tool. - **--h3 Option**: Introduced for `h2load`, allowing users to enable HTTP/3 (h3) via a short-hand flag. 3. **Bug Fixes** - Addressed issues in the HTTP/2 protocol handling, particularly for stream errors and field parsing. --- ### **Security & Stability** - **No Known Vulnerabilities**: The release does not include any public security advisories or vulnerabilities. - **Compatibility Notes**: The changes aim to improve interoperability but may require testing in existing systems. --- ### **Relevance for Users** - **Developers**: The updates are critical for ensuring compatibility with tools like `nghttpx` and `h2load`. - **System Administrators**: Testing is recommended to verify how the changes affect existing workflows. --- ### **Important Notes** - The release notes from the **nghttp2.org blog** (April 19, 2026) are the most authoritative source. - The GitHub compare page lists detailed changes, but the official blog provides clearer context on compatibility and features. --- ### **Actionable Advice** 1. **Update Dependencies**: Ensure `nghttpx` and `h2load` are updated to version 1.69.0. 2. **Test Compatibility**: Verify that the changes do not break existing applications, especially those relying on legacy HTTP/2 handling. 3. **Monitor for Issues**: Keep an eye on community feedback or release notes for potential edge cases. --- **Conclusion**: The 1.69.0 release introduces minor compatibility improvements and new features (e.g., ECH support), but no security risks are reported. Developers should test thoroughly to ensure smooth integration. ### Источники, найденные web_search 1. <a href="https://github.com/nghttp2/nghttp2/releases/tag/v1.69.0" target="_blank" rel="noopener noreferrer">GitHub release API: nghttp2/nghttp2 v1.69.0</a> 2. <a href="https://github.com/nghttp2/nghttp2/tree/v1.69.0" target="_blank" rel="noopener noreferrer">GitHub tag page: nghttp2/nghttp2 v1.69.0</a> 3. <a href="https://github.com/nghttp2/nghttp2/releases" target="_blank" rel="noopener noreferrer">GitHub releases page: nghttp2/nghttp2</a> 4. <a href="https://github.com/nghttp2/nghttp2/compare/v1.66.0...v1.69.0" target="_blank" rel="noopener noreferrer">GitHub compare page: nghttp2/nghttp2 v1.66.0...v1.69.0</a> 5. <a href="https://www.johnlewis.com/?msockid=36b3353497c962b1319c2249964f63a6" target="_blank" rel="noopener noreferrer">John Lewis &amp; Partners | Never Knowingly Undersold</a> 6. <a href="https://nghttp2.org/blog/2026/04/19/nghttp2-v1-69-0/" target="_blank" rel="noopener noreferrer">Nghttp2 v1.69.0 - nghttp2.org</a> 7. <a href="https://www.johnlewis.com/content/browse/content/home/null?msockid=36b3353497c962b1319c2249964f63a6" target="_blank" rel="noopener noreferrer">John Lewis &amp; Partners | Department Store</a> 8. <a href="https://fr.pornhub.com/" target="_blank" rel="noopener noreferrer">Vidéos porno et films de sexe gratuits - Porno, XXX, Porn Tube | Pornhub</a> 9. <a href="https://fr.pornhub.com/recommended" target="_blank" rel="noopener noreferrer">Porno gratuit recommandé: vidéos de sexe hardcore | Pornhub</a> ## Upstream release notes / description ## What's Changed * src: Simplify format_hex and format_upper_hex by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2545" target="_blank" rel="noopener noreferrer">github.com — 2545</a> * build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2546" target="_blank" rel="noopener noreferrer">github.com — 2546</a> * hpack: Optimize huffman decoding a bit by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2548" target="_blank" rel="noopener noreferrer">github.com — 2548</a> * Port ngtcp2_map changes by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2549" target="_blank" rel="noopener noreferrer">github.com — 2549</a> * Remove unused macros and enums by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2550" target="_blank" rel="noopener noreferrer">github.com — 2550</a> * src: Rewrite defer by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2552" target="_blank" rel="noopener noreferrer">github.com — 2552</a> * src: Remove empty parameter list from lambda by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2553" target="_blank" rel="noopener noreferrer">github.com — 2553</a> * src: Remove noexcept from ~Defer by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2554" target="_blank" rel="noopener noreferrer">github.com — 2554</a> * src: Adopt EVP_PKEY_get0_EC_KEY by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2555" target="_blank" rel="noopener noreferrer">github.com — 2555</a> * nghttpx: Avoid separate allocation for QUIC tx buffer by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2556" target="_blank" rel="noopener noreferrer">github.com — 2556</a> * src: Workaround performance regression since OpenSSL 3.0 by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2557" target="_blank" rel="noopener noreferrer">github.com — 2557</a> * integration: Cope with os.ErrProcessDone by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2560" target="_blank" rel="noopener noreferrer">github.com — 2560</a> * build(deps): bump github.com/quic-go/quic-go from 0.55.0 to 0.56.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2559" target="_blank" rel="noopener noreferrer">github.com — 2559</a> * src: Simplify DList::remove by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2561" target="_blank" rel="noopener noreferrer">github.com — 2561</a> * src: Remove the duplicated test by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2562" target="_blank" rel="noopener noreferrer">github.com — 2562</a> * lib/CMakeLists.txt: Fix NGHTTP2_CONFIG_INSTALL_DIR path by @trukna in <a href="https://github.com/nghttp2/nghttp2/pull/2551" target="_blank" rel="noopener noreferrer">github.com — 2551</a> * GHA: Cancel stale job by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2563" target="_blank" rel="noopener noreferrer">github.com — 2563</a> * nghttpx: Ensure resetting downstream h2 stream by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2564" target="_blank" rel="noopener noreferrer">github.com — 2564</a> * build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2566" target="_blank" rel="noopener noreferrer">github.com — 2566</a> * Gha ubuntu arm by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2567" target="_blank" rel="noopener noreferrer">github.com — 2567</a> * src: Generate lowcase_tbl by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2568" target="_blank" rel="noopener noreferrer">github.com — 2568</a> * examples: Remove redundant cast in lowcase by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2569" target="_blank" rel="noopener noreferrer">github.com — 2569</a> * build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2570" target="_blank" rel="noopener noreferrer">github.com — 2570</a> * build(deps): bump github.com/quic-go/quic-go from 0.56.0 to 0.57.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2571" target="_blank" rel="noopener noreferrer">github.com — 2571</a> * Bump ngtcp2 and its dependencies by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2574" target="_blank" rel="noopener noreferrer">github.com — 2574</a> * build(deps): bump github.com/quic-go/quic-go from 0.57.0 to 0.57.1 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2575" target="_blank" rel="noopener noreferrer">github.com — 2575</a> * Fix union usage in nghttp2_data_provider_wrap by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2576" target="_blank" rel="noopener noreferrer">github.com — 2576</a> * Remove union from WorkerID by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2577" target="_blank" rel="noopener noreferrer">github.com — 2577</a> * Cancel sending RST_STREAM if stream is not found by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2578" target="_blank" rel="noopener noreferrer">github.com — 2578</a> * nghttpx: Remove stream_closed_ from Http2DownstreamConnection by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2579" target="_blank" rel="noopener noreferrer">github.com — 2579</a> * Remove extraneous semicolon by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2580" target="_blank" rel="noopener noreferrer">github.com — 2580</a> * src: Rewrite Address with std::variant by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2581" target="_blank" rel="noopener noreferrer">github.com — 2581</a> * build(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2587" target="_blank" rel="noopener noreferrer">github.com — 2587</a> * build(deps): bump actions/cache from 4 to 5 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2588" target="_blank" rel="noopener noreferrer">github.com — 2588</a> * build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2589" target="_blank" rel="noopener noreferrer">github.com — 2589</a> * build(deps): bump github.com/quic-go/quic-go from 0.57.1 to 0.58.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2591" target="_blank" rel="noopener noreferrer">github.com — 2591</a> * Rewrite Dockerfile with heredoc syntax by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2592" target="_blank" rel="noopener noreferrer">github.com — 2592</a> * src: Avoid strict aliasing violation by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2593" target="_blank" rel="noopener noreferrer">github.com — 2593</a> * Introduce nghttp2_strlen_lit by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2594" target="_blank" rel="noopener noreferrer">github.com — 2594</a> * build(deps): bump github.com/quic-go/quic-go from 0.58.0 to 0.59.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2595" target="_blank" rel="noopener noreferrer">github.com — 2595</a> * Increase default glitch rate limit to 10x by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2599" target="_blank" rel="noopener noreferrer">github.com — 2599</a> * build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2596" target="_blank" rel="noopener noreferrer">github.com — 2596</a> * GHA: Fix main branch in cancel-in-progress by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2600" target="_blank" rel="noopener noreferrer">github.com — 2600</a> * Remove glitch detection for ignored DATA frame by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2598" target="_blank" rel="noopener noreferrer">github.com — 2598</a> * Bump ngtcp2 and its dependencies by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2601" target="_blank" rel="noopener noreferrer">github.com — 2601</a> * Revert "src: Avoid strict aliasing violation" by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2602" target="_blank" rel="noopener noreferrer">github.com — 2602</a> * build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2605" target="_blank" rel="noopener noreferrer">github.com — 2605</a> * Check nghttp2_is_fatal first by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2607" target="_blank" rel="noopener noreferrer">github.com — 2607</a> * altsvc: Avoid pointer arithmetic against NULL by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2608" target="_blank" rel="noopener noreferrer">github.com — 2608</a> * Ensure typedefs use named structs and unions by @cbarrick in <a href="https://github.com/nghttp2/nghttp2/pull/2609" target="_blank" rel="noopener noreferrer">github.com — 2609</a> * Revert "Ensure typedefs use named structs and unions" by @tatsuhiro-t in <a href="https://github.com/nghttp2/nghttp2/pull/2610" target="_blank" rel="noopener noreferrer">github.com — 2610</a> * build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2611" target="_blank" rel="noopener noreferrer">github.com — 2611</a> * build(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 by @dependabot[bot] in <a href="https://github.com/nghttp2/nghttp2/pull/2612" target="_blank" rel="noopener noreferrer">github.com — 2612</a> * h2load: Fix bug that h2load does not ...[truncated 8069 chars] ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages` - Generated at: `2026-06-19T00:17:33Z`

sbelikov added the

ai-summary

bot

needs-build

needs-triage

priority/medium

update/minor

upstream-update

upstream/github

labels 2026-05-20 03:23:28 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

niceos-5.2

cve-nghttp2-CVE-2026-27135

No results found.

Labels

Clear labels   

ai-summary

Issue contains local NiceSOFT AI generated preliminary analysis

  

auto-analysis

Created by niceos_cve_create_issues.py

  

bot

Created by automation

  

cve

Created by niceos_cve_create_issues.py

  

match-cpe-range

Created by niceos_cve_create_issues.py

  

needs-build

Needs build verification

  

needs-triage

Needs maintainer triage

  

priority/medium

Medium priority

  

security

Created by niceos_cve_create_issues.py

  

severity-high

Created by niceos_cve_create_issues.py

  

source-niceos-scan

Created by niceos_cve_create_issues.py

  

source-nvd

Created by niceos_cve_create_issues.py

  

update/minor

Minor update

  

upstream-update

New upstream version is available

  

upstream/github

GitHub upstream

No labels

ai-summary

auto-analysis

bot

cve

match-cpe-range

needs-build

needs-triage

priority/medium

security

severity-high

source-niceos-scan

source-nvd

update/minor

upstream-update

upstream/github

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rpms/nghttp2#2

No description provided.