netty5

History

Jonathan Leitschuh e0b15ed952 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 ) ### Motivation: I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`. Some part of me hopes that this warning will help dissuade library authors from disabling this important security check. ### Modification: Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`. ### Result: This improves the documentation on `DefaultHttpHeaders`.	2019-10-10 22:47:28 +04:00
..
src	[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )	2019-10-10 22:47:28 +04:00
pom.xml	[maven-release-plugin] prepare for next development iteration	2019-09-25 06:15:31 +00:00

Jonathan Leitschuh e0b15ed952 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

### Motivation:

I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`.

Some part of me hopes that this warning will help dissuade library authors from disabling this important security check.

### Modification:

Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`.

### Result:

This improves the documentation on `DefaultHttpHeaders`.

2019-10-10 22:47:28 +04:00

src

[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

2019-10-10 22:47:28 +04:00

pom.xml

[maven-release-plugin] prepare for next development iteration

2019-09-25 06:15:31 +00:00