netty5/codec-http
Jonathan Leitschuh e0b15ed952 [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646)
### Motivation:

I've now found two libraries that use Netty to be vulnerable to [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) due to using `new DefaultHttpHeaders(false)`.

Some part of me hopes that this warning will help dissuade library authors from disabling this important security check.

### Modification:

Add documentation to `DefaultHttpHeaders(boolean)` to warn about the implications of `false`.

### Result:

This improves the documentation on `DefaultHttpHeaders`.
2019-10-10 22:47:28 +04:00
..
src [DOC] Add CWE-113 warning to DefaultHttpHeaders constructor (#9646) 2019-10-10 22:47:28 +04:00
pom.xml [maven-release-plugin] prepare for next development iteration 2019-09-25 06:15:31 +00:00