Kong has prioritized the security and reliability of its products in response to the recently discovered HTTP/2 'Rapid Reset' DDoS attack (CVE-2023-44487), which exploits the concurrent streaming capability of HTTP/2. This attack allows a client to overwhelm a server with numerous HTTP/2 stream requests that are immediately reset, leading to excessive resource consumption and a Denial of Service. Kong has released patches for all supported versions of its products, including Kong Gateway, Kong Mesh, and Kuma, to address the vulnerability. Users are advised to update to these patched versions, with Kong Enterprise updates available immediately and an updated Docker image for Kong OSS submitted for merging. For those unable to update immediately, Kong recommends disabling HTTP/2 support and reducing the HTTP/2 keepalive limit as mitigation steps. Kong remains committed to maintaining the security of its community and advises all users to assess their systems and implement the recommended patches and mitigation strategies.
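The two mitigations named above can be checked against a configuration file. The following is an added example, not Kong's own tooling: it scans `kong.conf`-style text for listeners that carry the `http2` flag and for the value of `nginx_http_keepalive_requests`. Reading the "HTTP/2 keepalive limit" as that directive, the 1000 threshold, and the sample configuration are assumptions made for illustration.

```python
# Assumption: the "keepalive limit" is NGINX keepalive_requests, which
# Kong injects through the nginx_http_<directive> form of kong.conf keys.
KEEPALIVE_KEY = "nginx_http_keepalive_requests"
MAX_KEEPALIVE = 1000  # assumed review threshold, not a value from the advisory

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """
proxy_listen = 0.0.0.0:8000 reuseport, 0.0.0.0:8443 http2 ssl reuseport
admin_listen = 127.0.0.1:8001, 127.0.0.1:8444 ssl
nginx_http_keepalive_requests = 10000
"""

def parse_conf(text):
    """Return {key: value} from 'key = value' lines, ignoring # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)  # later '=' (backlog=...) stay in value
        settings[key.strip()] = value.strip()
    return settings

def audit(text, max_keepalive=MAX_KEEPALIVE):
    """List settings that leave the HTTP/2 mitigations unapplied."""
    settings = parse_conf(text)
    findings = []
    for key, value in sorted(settings.items()):
        if not key.endswith("_listen"):
            continue
        # Each comma-separated entry is "<addr:port> [flags...]" or "off".
        for entry in value.split(","):
            tokens = entry.split()
            if "http2" in tokens[1:]:
                findings.append(f"{key}: HTTP/2 enabled on {tokens[0]}")
    limit = settings.get(KEEPALIVE_KEY)
    if limit is None:
        findings.append(f"{KEEPALIVE_KEY}: not set, built-in default applies")
    elif not limit.isdigit():
        findings.append(f"{KEEPALIVE_KEY}: '{limit}' is not a number")
    elif int(limit) > max_keepalive:
        findings.append(f"{KEEPALIVE_KEY}: {limit} exceeds {max_keepalive}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Kong also reads settings from `KONG_`-prefixed environment variables, which override the file, so a clean file result should be confirmed against the running node's effective configuration.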