andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8,132 Commits 27 Branches 234 Tags 84 MiB
Java 99.8%
Shell 0.1%
ffd6911586
Go to file
Aron Wieck ffd6911586 Use constant string instead of user provided file name for DiskFileUpload temp file names. 
Motivation:

DiskFileUpload creates temporary files for storing user uploads containing the user provided file name as part of the temporary file name. While most security problems are prevented by using "new File(userFileName).getName()" a small risk for bugs or security issues remains.

Modifications:

Use a constant string as file name and rely on the callers use of File.createTemp to ensure unique disk file names.

Result:

A slight security improvement at the cost of a little more obfuscated temp file names.
2017-04-27 16:02:41 -07:00
.github Use GitHub Issue/PR Template Feature 2016-12-07 11:40:26 -08:00
all [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
bom Netty BOM inherit from parent and its own dependency management 2017-04-27 19:35:58 +02:00
buffer Correctly release all buffers in UnpooledTest 2017-04-27 19:29:45 +02:00
codec Calls to discardSomeReadBytes() causes the JsonDecoder to get corrupted 2017-04-27 19:34:15 +02:00
codec-dns fix the typos 2017-04-20 04:56:09 +02:00
codec-haproxy fix the typos 2017-04-20 04:56:09 +02:00
codec-http Use constant string instead of user provided file name for DiskFileUpload temp file names. 2017-04-27 16:02:41 -07:00
codec-http2 HTTP/2 StreamByteDistributor improve parameter validation 2017-04-24 17:17:18 -07:00
codec-memcache [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
codec-mqtt fix the typos 2017-04-20 04:56:09 +02:00
codec-redis fix the typos 2017-04-20 04:56:09 +02:00
codec-smtp [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
codec-socks fix the typos 2017-04-20 04:56:09 +02:00
codec-stomp [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
codec-xml [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
common NetUtil IPv6 bugs related to IPv4 and compression 2017-04-25 15:10:38 -07:00
dev-tools Enable configuring available processors 2017-04-23 10:31:17 +02:00
example fix the typos 2017-04-20 04:56:09 +02:00
handler Ability to extend SniHandler and configure it with arbitrary runtime data 2017-04-26 19:05:16 -07:00
handler-proxy Notify connect promise of ProxyHandler after codecs are removed 2017-04-27 14:54:56 +02:00
license Remove reference to akka code and ArrayDeque which is not part of netty anymore 2017-03-07 21:30:51 +01:00
microbench fix the typos 2017-04-20 04:56:09 +02:00
resolver [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
resolver-dns DNS Resolver visibility into individual queries 2017-04-27 15:17:20 -07:00
tarball [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
testsuite fix the typos 2017-04-20 04:56:09 +02:00
testsuite-autobahn [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
testsuite-osgi [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
transport Enable configuring available processors 2017-04-23 10:31:17 +02:00
transport-native-epoll [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
transport-rxtx fix the typos 2017-04-20 04:56:09 +02:00
transport-sctp [maven-release-plugin] prepare for next development iteration 2017-03-10 07:46:17 +01:00
transport-udt fix the typos 2017-04-20 04:56:09 +02:00
.fbprefs Updated Find Bugs configuration 2009-03-04 10:33:09 +00:00
.gitignore Use shaded dependency on JCTools instead of copy and paste 2016-06-10 13:19:45 +02:00
.travis.yml Travis CI branch whitelisting 2013-03-11 09:55:43 +09:00
CONTRIBUTING.md Move the pull request guide to the developer guide 2014-03-12 13:13:58 +09:00
LICENSE.txt Relicensed to Apache License v2 2009-08-28 07:15:49 +00:00
NOTICE.txt Remove reference to akka code and ArrayDeque which is not part of netty anymore 2017-03-07 21:30:51 +01:00
pom.xml Skip forbidden API check when building with java9 for now 2017-04-23 20:17:55 +02:00
README.md Updating Branches to look section to match the current branching structure of the project 2016-03-10 22:08:01 +01:00
run-example.sh Skip forbidden API check when running examples 2017-04-24 09:52:06 +02:00

README.md

Netty Project

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Links

How to build

For the detailed information about building and developing Netty, please visit the developer guide. This page only gives very basic information.

You require the following to build Netty:

Note that this is build-time requirement. JDK 5 (for 3.x) or 6 (for 4.0+) is enough to run your Netty-based application.

Branches to look

Development of all versions takes place in each branch whose name is identical to <majorVersion>.<minorVersion>. For example, the development of 3.9 and 4.0 resides in the branch '3.9' and the branch '4.0' respectively.