netty5

History

Jonathan Leitschuh cde6a6d7d1 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 ) ### Motivation: I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`. Some part of me hopes that this warning will help dissuade library authors from disabling this important security check. ### Modification: Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`. ### Result: This improves the documentation on `DefaultHttpHeaders`.	2019-10-10 20:47:50 +02:00
..
java/io/netty/handler/codec	[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )	2019-10-10 20:47:50 +02:00
resources/META-INF/native-image/io.netty/codec-http	Remove deprecated GraalVM native-image flags (#9118 )	2019-05-22 19:22:03 +02:00

Jonathan Leitschuh cde6a6d7d1 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

### Motivation:

I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`.

Some part of me hopes that this warning will help dissuade library authors from disabling this important security check.

### Modification:

Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`.

### Result:

This improves the documentation on `DefaultHttpHeaders`.

2019-10-10 20:47:50 +02:00

java/io/netty/handler/codec

[DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646 )

2019-10-10 20:47:50 +02:00

resources/META-INF/native-image/io.netty/codec-http

Remove deprecated GraalVM native-image flags (#9118 )

2019-05-22 19:22:03 +02:00