[Checkins] [zopefoundation/Zope] 2e992c: Prevent header spoofing via underscore/dash confla...
Julien Muchembled
noreply at github.com
Fri Feb 7 00:59:13 CET 2020
Branch: refs/heads/2.13
Home: https://github.com/zopefoundation/Zope
Commit: 2e992cc60598fcd170fc6b6196a84c1ad58287c1
https://github.com/zopefoundation/Zope/commit/2e992cc60598fcd170fc6b6196a84c1ad58287c1
Author: Julien Muchembled <jm at jmuchemb.eu>
Date: 2020-02-06 (Thu, 06 Feb 2020)
Changed paths:
M src/ZServer/HTTPServer.py
A src/ZServer/tests/test_HTTPServer.py
Log Message:
-----------
Prevent header spoofing via underscore/dash conflation (#655)
* Prevent header spoofing via underscore/dash conflation
See https://www.djangoproject.com/weblog/2015/jan/13/security/
* - add a test (now I know why there were none)
* - remove unused imports
Co-authored-by: Jens Vagelpohl <jens at netz.ooo>
More information about the checkins
mailing list