)]}'
{
  "commit": "d14a4d84c705d15b1ed0f9d6a7491f8b4d4c3b9b",
  "tree": "8ccb66a2abbac8c2b031df4d1c251c4bb907bdd5",
  "parents": [
    "6b3cd2f4c5b7502f5f13f0c6cdbcf9730c28a673"
  ],
  "author": {
    "name": "Vladimir Homutov",
    "email": "vl@nginx.com",
    "time": "Wed Oct 20 09:50:02 2021 +0300"
  },
  "committer": {
    "name": "Vladimir Homutov",
    "email": "vl@nginx.com",
    "time": "Wed Oct 20 09:50:02 2021 +0300"
  },
  "message": "HTTP: connections with wrong ALPN protocols are now rejected.\n\nThis is a recommended behavior by RFC 7301 and is useful\nfor mitigation of protocol confusion attacks [1].\n\nTo avoid possible negative effects, list of supported protocols\nwas extended to include all possible HTTP protocol ALPN IDs\nregistered by IANA [2], i.e. \"http/1.0\" and \"http/0.9\".\n\n[1] https://alpaca-attack.com/\n[2] https://www.iana.org/assignments/tls-extensiontype-values/\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "87f03889889c942bafeafe04bddf44346c1f4b07",
      "old_mode": 33188,
      "old_path": "src/http/modules/ngx_http_ssl_module.c",
      "new_id": "c633f34641cfee96d3302096d979854c139158c1",
      "new_mode": 33188,
      "new_path": "src/http/modules/ngx_http_ssl_module.c"
    }
  ]
}