Interesting, this is just an hour before the core dev quit because of disagreements on how security is managed at F5.<p><a href="https://news.ycombinator.com/item?id=39373327">https://news.ycombinator.com/item?id=39373327</a>
This seems like mostly a non-issue, since this module isn't compiled by default. I guess it's good to fix it regardless, but it seems unnecessary to issue a security advisory/CVE for this. HTTP/3 is an experimental feature in nginx that isn't built by default and isn't included in most distribution builds.
I'm a novice at nginx and using modules. how do I figure out if the nginx docker images that I use are effected by this? it looks like the default image uses `debian:bookworm-slim`. is it safe to assume that the compiled version in that upstream image isn't using any additional modules?<p>> The issues affect nginx compiled with the ngx_http_v3_module (not
compiled by default) if the "quic" option of the "listen" directive
is used in a configuration file.