LOW
The severity is rated LOW as this issue primarily affects specific use cases and not all applications. While it can cause inconvenience for projects relying on large uploads or SSE, it does not represent a direct security threat. Homelab environments may experience operational inefficiencies but are less likely to suffer critical impacts compared to production systems.

The transition to HTTP/3, which is the latest version of the Hypertext Transfer Protocol, introduces several performance improvements over its predecessors. However, certain projects may face challenges with this upgrade due to their reliance on specific features or large data uploads that are not well-supported by HTTP/3 yet. Projects like Nextcloud and Immich, which involve significant file uploading activities, might experience compatibility issues as they are designed around older protocols. Similarly, applications such as OpenWebUI and Ollama, which depend heavily on Server-Sent Events (SSE) for real-time communication, may face disruptions due to the way HTTP/3 handles streaming data differently from previous versions of HTTP. These challenges highlight the need for careful consideration before upgrading systems that rely on these functionalities.

Affected Systems
  • Nextcloud
  • Immich
  • OpenWebUI
  • Ollama
Affected Versions: All versions that do not support HTTP/3
Remediation
  • Check the project documentation for updates on HTTP/3 compatibility: `curl -L https://nextcloud.com/docs` and `curl -L https://immich.app/docs`.
  • Configure a reverse proxy to handle HTTP/3 traffic separately from applications that are not yet compatible, using Nginx or Apache.
  • Monitor the development roadmap for each application to ensure compatibility before upgrading.
Stack Impact

In homelab environments, users of Nextcloud and Immich should monitor upload performance after enabling HTTP/3. For OpenWebUI and Ollama, check if SSE streams are disrupted by configuring a fallback to HTTP/2 in the server settings.

Source →