netty5

History

Norman Maurer 537a0d4d81 Merge pull request from GHSA-9vjp-v76f-g363 Motivation: e Snappy frame decoder function doesn't restrict the size of the compressed data (and the uncompressed data) which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. Modifications: - Add various validations for the max allowed size of a chunk - Skip bytes on the fly when an skippable chunk is handled Result: No more risk of OOME. Thanks to Ori Hollander of JFrog Security for reporting the issue.	2021-09-09 16:08:33 +02:00
..
src	Merge pull request from GHSA-9vjp-v76f-g363	2021-09-09 16:08:33 +02:00
pom.xml	[Feature] Add zstd encoder (#11437 )	2021-07-06 14:57:39 +02:00

Norman Maurer 537a0d4d81 Merge pull request from GHSA-9vjp-v76f-g363

Motivation:

e Snappy frame decoder function doesn't restrict the size of the compressed data (and the uncompressed data) which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well.

Modifications:

- Add various validations for the max allowed size of a chunk
- Skip bytes on the fly when an skippable chunk is handled

Result:

No more risk of OOME. Thanks to Ori Hollander of JFrog Security for reporting the issue.

2021-09-09 16:08:33 +02:00

src

Merge pull request from GHSA-9vjp-v76f-g363

2021-09-09 16:08:33 +02:00

pom.xml

[Feature] Add zstd encoder (#11437 )

2021-07-06 14:57:39 +02:00