[20:25] <sdeziel> https://ubuntu.com/security/CVE-2023-39325 doesn't mention golang-1.18 but the Debian page (https://security-tracker.debian.org/tracker/CVE-2023-39325) seem to imply that old versions are affected too
[20:25] -ubottu:#ubuntu-security- A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix appl... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325>
[20:39] <mdeslaur> sdeziel: thanks, I'll update it with all our versions
[20:39] <sdeziel> mdeslaur: many thanks!