netty5

History

Jonathan Leitschuh cde6a6d7d1 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 ) ### Motivation: I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`. Some part of me hopes that this warning will help dissuade library authors from disabling this important security check. ### Modification: Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`. ### Result: This improves the documentation on `DefaultHttpHeaders`.	2019-10-10 20:47:50 +02:00
..
src	[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )	2019-10-10 20:47:50 +02:00
pom.xml	Use maven plugin to prevent API/ABI breakage as part of build process (#8904 )	2019-03-01 19:48:29 +01:00

Jonathan Leitschuh cde6a6d7d1 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

### Motivation:

I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`.

Some part of me hopes that this warning will help dissuade library authors from disabling this important security check.

### Modification:

Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`.

### Result:

This improves the documentation on `DefaultHttpHeaders`.

2019-10-10 20:47:50 +02:00

src

[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

2019-10-10 20:47:50 +02:00

pom.xml

Use maven plugin to prevent API/ABI breakage as part of build process (#8904 )

2019-03-01 19:48:29 +01:00