hyperium / hyper / 2469 / 3

Ran 23 Jan 2017 09:07PM UTC

Files 84

Run time 4s

Badge

Embed ▾

Committed 23 Jan 2017 08:55PM UTC coverage: 85.523% (+0.04%) from 85.484%

Job # 2469.3

Build Type

push

travis-ci

Committed by

seanmonstar

Commit Message

fix(header): security fix for header values that include newlines

Newlines in header values will now be replaced with spaces when being
written to strings or to sockets. This prevents headers that are built
from user data to smuggle unintended headers or requests/responses.

Thanks to @skylerberg for the responsible reporting of this issue, and
helping to keep us all safe!

BREAKING CHANGE: This technically will cause code that a calls
  `SetCookie.fmt_header` to panic, as it is no longer to properly write
  that method. Most people should not be doing this at all, and all
  other ways of printing headers should work just fine.

  The breaking change must occur in a patch version because of the
  security nature of the fix.

Coverage Stats

3710 of 4338 relevant lines covered (85.52%)

1.92 hits per line

hyperium / hyper / 2469 / 3

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 2469.3

hyperium / hyper / 2469 / 3

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 2469.3

README BADGES
x