Covering my bases, I have to ask:
Are Fly’s http ingress tools vulnerable to MadeYouReset?
(Go’s net/http is supposedly not vulnerable, and I’m assuming that a large chunk of Fly is written in Go.)
No, MadeYouReset is not a concern for our networking infrastructure
2 Likes
to expand on @bglw’s note, our HTTP ingress stack is written in Rust and uses the Hyper framework. Hyper is generally not vulnerable to MadeYouReset and does not have a CVE or security advisory for the issue; we have, however, updated to the “patched” version mentioned in the linked post just in case.
1 Like
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.