Oddbean

[$] Continued attacks on HTTP/2 On April 3 security researcher Bartek Nowotarski <a href="https://nowotarski.info/http2-continuation-flood-technical-details/" rel="nofollow"> published</a> the details of a new denial-of-service (DoS) attack, called a "continuation flood", against many https://en.wikipedia.org/wiki/HTTP/2 -capable web servers. While the attack is not terribly complex, it affects many independent implementations of the HTTP/2 protocol, even though multiple similar vulnerabilities over the years have given implementers plenty of warning. https://lwn.net/Articles/968600/