-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: clarify v5.1.1 notable items #4156
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Include reference to CVE-2015-8027 * Fix "socket may no longer have a socket" reference * Expand on non-existent parser causing the error * Soften language for CVE-2015-3193 as impact may not be as great as expected, also trim to match v4.2.3 language * Clarify that CVE-2015-3194 affects TLS servers using _client certificate authentication_ * Include reference to CVE-2015-6764
@@ -4,12 +4,12 @@ | |||
|
|||
### Notable changes | |||
|
|||
* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny) | |||
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I speculate that attempts trigger
-> attempts to trigger
(sorry If I'm wrong)
LGTM with one small comment :) |
LGTM |
1 similar comment
LGTM |
rvagg
added a commit
that referenced
this pull request
Dec 5, 2015
* Include reference to CVE-2015-8027 * Fix "socket may no longer have a socket" reference * Expand on non-existent parser causing the error * Soften language for CVE-2015-3193 as impact may not be as great as expected, also trim to match v4.2.3 language * Clarify that CVE-2015-3194 affects TLS servers using _client certificate authentication_ * Include reference to CVE-2015-6764 PR-URL: #4156 Reviewed-By: Minwoo Jung <jmwsoft@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
thanks, fixed and landed @ 6c16c40 |
This was referenced Dec 8, 2015
This was referenced Jul 21, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
expected, also trim to match v4.2.3 language
certificate authentication