dnrops
/
swift-nio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
swift-nio/Sources/NIOHTTP1
History
Cory Benfield bfde40cac8
Update http-parser for CVE. (#1387) 
Motivation:

http-parser shipped a patche for node.js CVE-2019-15605, which allowed
HTTP request smuggling. This affected SwiftNIO as well, and so we need
to immediately ship an update to help protect affected users.

A CVE for SwiftNIO will follow, but as this patch is in the wild and
SwiftNIO is known to be affected we should not delay shipping this fix.

Modifications:

- Update http-parser.
- Add regression tests to validate this behaviour.

Result:

Close request smugging vector.
 		2020-02-10 16:44:44 +00:00
..
ByteCollectionUtils.swift HTTP/1 headers simplification & cleanup (#857) 2019-03-06 18:11:40 +00:00
HTTPDecoder.swift Update http-parser for CVE. (#1387) 2020-02-10 16:44:44 +00:00
HTTPEncoder.swift An HTTP upgrader class for a client pipeline. (#1001) 2019-06-16 11:10:12 +01:00
HTTPPipelineSetup.swift enable TCP_NODELAY by default (#1020) 2019-06-19 18:04:01 +01:00
HTTPServerPipelineHandler.swift use Optional<T> instead of T? to workaround SR-11777 (#1252) 2019-11-27 18:37:38 +00:00
HTTPServerProtocolErrorHandler.swift rename ctx to context (#842) 2019-02-25 18:20:22 +00:00
HTTPServerUpgradeHandler.swift HTTPServerUpgradeHandler: Tolerate futures from other ELs (#1134) 2019-09-09 18:03:40 +01:00
HTTPTypes.swift Fix documenation in HTTPHeaders. (#1335) 2020-01-11 16:51:50 +00:00
NIOHTTPClientUpgradeHandler.swift Webhooks upgrade complete fix (#1280) 2019-12-04 12:04:05 +00:00