Today, we have released H2O version 2.2.5.
This is a bug-fix release, including one security-related fix.
The detail of the vulnerability is explained in #1775. Users of H2O are advised to upgrade immediately to version 2.2.5 or to disable access logging.
We would like to thank Marlies Ruck, ForAllSecure for finding the issue.
List of other changes can be found here.