We have just released version 1.7.3 and 2.0.0-beta5 of the H2O HTTP/2 server.
The releases include a fix for a security issue (CVE-2016-4817). Existing users are encouraged to update their installations.
The details of the issue can be found here.
We would like to thank Tim Newsham for reporting the issue and Frederik Deweerdt for providing a fix.