Thomas Lamprecht f325788131 response: avoid linefeeds in response status ... basically only possible to trigger with chromium based browsers (chrome, edge, opera) but besides those having the biggest usage currently its not that nice in any way. Users could inject headers in their response, which isn't really that bad itself, as they won't really do anything at least for sane browsers that don't allow setting third party cookies by default (unlike again, chrome), in which case one can create huge cookies that then trigger the max header size check on requests, DOS'ing an user's access to a PVE interface if they can get them to visit a malicious site (a clear cooki actione would allow visiting it again) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Reported-by: STAR Labs <info@starlabs.sg>		2022-07-02 09:22:00 +02:00
debian	bump version to 3.2-4	2022-05-17 16:43:10 +02:00
src	response: avoid linefeeds in response status	2022-07-02 09:22:00 +02:00
.gitignore	fixup no newline at end of .gitignore	2018-05-25 16:42:05 +02:00
Makefile	buildsys: split packaging and source build-systems	2021-05-14 16:37:17 +02:00