Possible bug can lead to security issue #886
Hi @pkieltyka, it looks like I can't DM you on X/Twitter
@lfama I opened my DMs, can you try again?
peterk -- github may have auto-tagged you, can you click the "unsubscribe" button? I'm not aware of any other way to untag you
Thank you @lfama for the report. Feel free to add any additional details to this ticket if you'd like too :)

@lfama had found an issue which was introduced from the community PR #776. The faulty behaviour was that the "Allow" header on 405 responses was not properly reset in the request context between requests, which are reused via a sync.Pool -- as a result, the "Allow" header was returned and repeated multiple times to clients.

The fix is: 9dd8b4a to reset the buffer before using the context. I've published a new release v5.0.11, https://github.com/go-chi/chi/releases/tag/v5.0.11

Thanks again @lfama 🥇
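
The bug class described in the comment above, reproduced as an added example (not chi's code and not part of the thread): a per-request context taken from a sync.Pool whose allowed-methods slice is never cleared, next to a variant that resets it on checkout. `routeCtx`, `newHandler`, `allowCounts`, the `/item` path and the GET/HEAD methods are hypothetical, constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// routeCtx is a hypothetical per-request routing context (not chi's type).
type routeCtx struct{ methodsAllowed []string }

// newHandler answers every request with 405, as if the path matched but the
// method did not. resetOnGet selects the fixed behaviour.
func newHandler(resetOnGet bool) http.Handler {
	pool := &sync.Pool{New: func() interface{} { return &routeCtx{} }}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := pool.Get().(*routeCtx)
		defer pool.Put(ctx)
		if resetOnGet {
			// A pooled object still holds the previous request's state.
			ctx.methodsAllowed = ctx.methodsAllowed[:0]
		}
		// Constructed route table: this path only accepts GET and HEAD.
		ctx.methodsAllowed = append(ctx.methodsAllowed, "GET", "HEAD")
		for _, m := range ctx.methodsAllowed {
			w.Header().Add("Allow", m)
		}
		w.WriteHeader(http.StatusMethodNotAllowed)
	})
}

// allowCounts sends n POST requests and returns how many Allow values each
// response carried.
func allowCounts(h http.Handler, n int) []int {
	counts := make([]int, 0, n)
	for i := 0; i < n; i++ {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/item", nil))
		counts = append(counts, len(rec.Header().Values("Allow")))
	}
	return counts
}

func main() {
	fmt.Println("without reset:", allowCounts(newHandler(false), 5))
	fmt.Println("with reset:   ", allowCounts(newHandler(true), 5))
}
```

sync.Pool may return either a reused or a fresh object, so the stale values only show up when an object is reused; the reset variant returns exactly two Allow values either way.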
Hi there,
I believe I found a bug that can lead to a security issue in some scenarios. I've noticed that the repository doesn't have a Security policy, so I'm not sure how to report it. Could you please let me know which is the right channel to report the issue?
Thanks!