[Checkins] [zopefoundation/Zope] 2e992c: Prevent header spoofing via underscore/dash confla...

Julien Muchembled noreply at github.com
Fri Feb 7 00:59:13 CET 2020


  Branch: refs/heads/2.13
  Home:   https://github.com/zopefoundation/Zope
  Commit: 2e992cc60598fcd170fc6b6196a84c1ad58287c1
      https://github.com/zopefoundation/Zope/commit/2e992cc60598fcd170fc6b6196a84c1ad58287c1
  Author: Julien Muchembled <jm at jmuchemb.eu>
  Date:   2020-02-06 (Thu, 06 Feb 2020)

  Changed paths:
    M src/ZServer/HTTPServer.py
    A src/ZServer/tests/test_HTTPServer.py

  Log Message:
  -----------
  Prevent header spoofing via underscore/dash conflation (#655)

* Prevent header spoofing via underscore/dash conflation

See https://www.djangoproject.com/weblog/2015/jan/13/security/

* - add a test (now I know why there were none)

* - remove unused imports

Co-authored-by: Jens Vagelpohl <jens at netz.ooo>




More information about the checkins mailing list