documentation
documentation copied to clipboard
vespa-engine
chore(deps): update dependency webrick to v1.8.2 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| webrick | 1.8.1 -> 1.8.2 |
GitHub Vulnerability Alerts
CVE-2024-47220
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Release Notes
ruby/webrick (webrick)
v1.8.2
What's Changed
- Drop commented-out line by @olleolleolle in https://github.com/ruby/webrick/pull/108
- Add Ruby 3.1 & 3.2 to CI matrix by @tricknotes in https://github.com/ruby/webrick/pull/109
- Fix/redos by @ooooooo-q in https://github.com/ruby/webrick/pull/114
- Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @jeremyevans in https://github.com/ruby/webrick/pull/120
- Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/ruby/webrick/pull/121
- Improve CI by @hsbt in https://github.com/ruby/webrick/pull/123
- Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @KJTsanaktsidis in https://github.com/ruby/webrick/pull/128
- Fix bug chunk extension detection by @jeremyevans in https://github.com/ruby/webrick/pull/125
- Fix CI. by @ioquatix in https://github.com/ruby/webrick/pull/131
- Merge multiple cookie headers, preserving semantic correctness. by @ioquatix in https://github.com/ruby/webrick/pull/130
- Test on macos-latest by @byroot in https://github.com/ruby/webrick/pull/132
- Require CRLF line endings in request line and headers by @jeremyevans in https://github.com/ruby/webrick/pull/138
- Prefer squigly heredocs. by @ioquatix in https://github.com/ruby/webrick/pull/143
- Only strip space and horizontal tab in headers by @jeremyevans in https://github.com/ruby/webrick/pull/141
- Treat missing CRLF separator after headers as an EOFError by @jeremyevans in https://github.com/ruby/webrick/pull/142
- Return 400 response for chunked requests with unexpected data after chunk by @jeremyevans in https://github.com/ruby/webrick/pull/136
- Fix reference to URI::REGEXP::PATTERN::HOST by @casperisfine in https://github.com/ruby/webrick/pull/144
- Prevent request smuggling by @jeremyevans in https://github.com/ruby/webrick/pull/146
New Contributors
- @tricknotes made their first contribution in https://github.com/ruby/webrick/pull/109
- @ooooooo-q made their first contribution in https://github.com/ruby/webrick/pull/114
- @KJTsanaktsidis made their first contribution in https://github.com/ruby/webrick/pull/128
- @byroot made their first contribution in https://github.com/ruby/webrick/pull/132
- @casperisfine made their first contribution in https://github.com/ruby/webrick/pull/144
Full Changelog: https://github.com/ruby/webrick/compare/v1.8.1...v1.8.2
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}