[UNDERTOW-2323] Fix for CVE-2023-44487 and related issues #1525

Merged
merged 4 commits into from
Oct 17, 2023

Signed-off-by: Flavia Rainone <frainone@redhat.com>
@fl4via fl4via added bug fix Contains bug fix(es) next release This PR will be merged before next release or has already been merged (for payload double check) waiting CI check Ready to be merged but waiting for CI check labels Oct 16, 2023
…responses to rst streams can be handled correctly.

The cache is cleaned after a while (current default value is set to 1 minute). If, during that time, a response to a canceled request stream is received from the server, the channel will be able to detect it is not a protocol error but just a matter of timing: the server responded to the request before receiving and processing the rst frame.

Signed-off-by: Flavia Rainone <frainone@redhat.com>
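
The timing rule described in the commit message above, as an added Java sketch; it is not part of this PR and is not Undertow's implementation. The class name `ResetStreamCache`, the `Verdict` values, the injected clock and the sample stream ids are assumptions made for illustration; the 60 000 ms lifetime mirrors the 1 minute default the commit message states.

```java
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.LongSupplier;

// Hypothetical sketch of a time-bounded cache of reset stream ids (not Undertow code).
public class ResetStreamCache {
    public enum Verdict { ACTIVE_STREAM, LATE_RESPONSE_TO_RESET, PROTOCOL_ERROR }

    private final long ttlMillis;
    private final LongSupplier clock; // injected so expiry can be exercised without sleeping
    // Insertion order equals reset order, so expired entries are always at the head.
    private final Map<Integer, Long> resetAt = new LinkedHashMap<>();

    public ResetStreamCache(long ttlMillis, LongSupplier clock) {
        this.ttlMillis = ttlMillis;
        this.clock = clock;
    }

    // Call when the local side sends RST_STREAM for streamId.
    public synchronized void recordReset(int streamId) {
        evictExpired();
        resetAt.remove(streamId);               // re-insert so the entry moves to the tail
        resetAt.put(streamId, clock.getAsLong());
    }

    // Classify an incoming frame by its stream id against the currently open streams.
    public synchronized Verdict classify(int streamId, Set<Integer> openStreams) {
        if (openStreams.contains(streamId)) return Verdict.ACTIVE_STREAM;
        evictExpired();
        return resetAt.containsKey(streamId) ? Verdict.LATE_RESPONSE_TO_RESET : Verdict.PROTOCOL_ERROR;
    }

    private void evictExpired() {
        long cutoff = clock.getAsLong() - ttlMillis;
        Iterator<Map.Entry<Integer, Long>> it = resetAt.entrySet().iterator();
        while (it.hasNext() && it.next().getValue() <= cutoff) it.remove();
    }

    public static void main(String[] args) {
        long[] now = {0};                       // constructed clock, in milliseconds
        ResetStreamCache cache = new ResetStreamCache(60_000, () -> now[0]);
        Set<Integer> open = Set.of(5);          // constructed: stream 5 is still open
        cache.recordReset(3);                   // local side canceled stream 3 at t=0
        now[0] = 500;
        System.out.println("stream 5: " + cache.classify(5, open));
        System.out.println("stream 3 shortly after reset: " + cache.classify(3, open));
        System.out.println("stream 9, never reset: " + cache.classify(9, open));
        now[0] = 61_000;
        System.out.println("stream 3 after expiry: " + cache.classify(3, open));
    }
}
```

Because entries expire, a frame for a reset stream is tolerated only inside the window; after that the same stream id is treated like any other unknown stream.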
@fl4via fl4via force-pushed the UNDERTOW-2323 branch 2 times, most recently from 5ad3152 to 0a398ce Compare October 16, 2023 07:52
…f requests followed by rst frames canceling the requests can cause a denial of service

Signed-off-by: Flavia Rainone <frainone@redhat.com>
@fl4via fl4via added waiting PR update Awaiting PR update(s) from contributor before merging failed CI Introduced new regession(s) during CI check and removed waiting CI check Ready to be merged but waiting for CI check labels Oct 16, 2023
@fl4via fl4via force-pushed the UNDERTOW-2323 branch 9 times, most recently from e5293b5 to 36c3526 Compare October 17, 2023 07:52
…t gets a connection closed by goaway before processing the responses from server

Signed-off-by: Flavia Rainone <frainone@redhat.com>
@fl4via fl4via added waiting CI check Ready to be merged but waiting for CI check and removed waiting PR update Awaiting PR update(s) from contributor before merging failed CI Introduced new regession(s) during CI check waiting CI check Ready to be merged but waiting for CI check labels Oct 17, 2023
@fl4via fl4via merged commit eb372bb into undertow-io:master Oct 17, 2023
25 checks passed
@fl4via fl4via removed the next release This PR will be merged before next release or has already been merged (for payload double check) label Oct 18, 2023