A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.
github.com/dotnet/announcements/issues/170
lists.fedoraproject.org/archives/list/[email protected]/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
lists.fedoraproject.org/archives/list/[email protected]/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
nvd.nist.gov/vuln/detail/CVE-2021-1723
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723