Skip to content

Adds an option to make HTTP2 configurable #5232

Closed
#5231
Closed
Adds an option to make HTTP2 configurable#5232
#5231
Labels
kind/featureCategorizes issue or PR as related to a new feature.track/coreCaptures issues that are related to Core controller work
@siddhibhor-56

Description

@siddhibhor-56
siddhibhor-56
opened on Sep 1, 2025

Is your feature request related to a problem? Please describe.
Provide an option to choose http2 for the server created by the operator. This is required because not using http/2 will prevent from being vulnerable to the HTTP/2 Stream Cancellation and Rapid Reset CVEs. For more information see:

GHSA-qppj-fm5r-hxr3
GHSA-4374-p667-p6c8

Describe the solution you'd like
Provide an argument 'enable-http2' to allow user to opt for http2 if required, when the enable-http2 flag is false (the default), http/2 would be disabled due to its vulnerabilities.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/featureCategorizes issue or PR as related to a new feature.track/coreCaptures issues that are related to Core controller work

    Type

    No type

    Projects

    External Secrets

    Status

    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions