We have released nghttp2 v1.61.0.
This release includes security advisory.
Security Advisory
CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
For more information, read the security advisory.
For other changes, refer to v1.61.0 release notes.
Do not download the archive files generated by GitHub. They do not work. Please download the signed and versioned tar balls, such as nghttp2-1.61.0.tar.gz.