[UNDERTOW-2264] [UNDERTOW-2374] [UNDERTOW-2375] CVE-2023-1973 Backport fixes/enhancements to 2.2.x branch #1583

Merged 3 commits on Apr 19, 2024

Commits on Apr 19, 2024

  1. [UNDERTOW-2374] Move the check for allowUnescapedCharactersInUrl to outside of the path verification loop in Http2ReceiveListener.checkRequestHeaders

    Signed-off-by: Flavia Rainone <frainone@redhat.com>
    fl4via committed Apr 19, 2024
    9e1eaeb
  2. [UNDERTOW-2264] CVE-2023-1973 Force session timeout to 2 minutes when session was created during the authentication phase. Once authentication is complete restore original (configured) session timeout.

    Signed-off-by: Flavia Rainone <frainone@redhat.com>
    ropalka authored and fl4via committed Apr 19, 2024
    b289b18
  3. [UNDERTOW-2375] Minor fixes in contributing guide: broken links, types, style fixes.

    Signed-off-by: Flavia Rainone <frainone@redhat.com>
    rhusar authored and fl4via committed Apr 19, 2024
    c92301d