Over the past two months attackers have been abusing a feature of the HTTP/2 web communication protocol that makes web application servers, load balancers, and web proxies vulnerable to distributed denial-of-service (DDoS) attacks of unprecedented scale. Google, AWS, Cloudflare, and other major cloud infrastructure providers, as well as web server vendors have been working on mitigation strategies and patches in private groups until the weakness was disclosed today.