microsoft · Trenly · Mar 22, 2024 · Mar 22, 2024 · Mar 22, 2024
@@ -42,7 +42,7 @@
         "type": "git",
         "git": {
           "repositoryUrl": "https://github.com/microsoft/cpprestsdk.git",
-          "commitHash": "122d09549201da5383321d870bed45ecb9e168c5"
+          "commitHash": "411a109150b270f23c8c97fa4ec9a0a4a98cdecf"
         }
       }
     },
@@ -54,7 +54,7 @@
           "commitHash": "fd54913e65338e678440ae66b3b5022ab23b761b"
         }
       }
-    }   
+    }
   ],
   "Version": 1
 }
@@ -1,3 +1,5 @@
+**cpprestsdk is in maintenance mode and we do not recommend its use in new projects. We will continue to fix critical bugs and address security issues.**
+
 ## Welcome!
 
 The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.  
@@ -59,7 +61,7 @@ target_link_libraries(main PRIVATE cpprestsdk::cpprest)
 
 Is there a feature missing that you'd like to see, or found a bug that you have a fix for? Or do you have an idea or just interest in helping out in building the library? Let us know and we'd love to work with you. For a good starting point on where we are headed and feature ideas, take a look at our [requested features and bugs](https://github.com/Microsoft/cpprestsdk/issues).  
 
-Big or small we'd like to take your [contributions](https://github.com/Microsoft/cpprestsdk/wiki/Make-a-contribution-and-report-issues) back to help improve the C++ Rest SDK for everyone. If interested contact us askcasablanca at Microsoft dot com.  
+Big or small we'd like to take your [contributions](https://github.com/Microsoft/cpprestsdk/wiki/Make-a-contribution-and-report-issues) back to help improve the C++ Rest SDK for everyone.
 
 ## Having Trouble?
 

@@ -11,7 +11,7 @@ endif()
 
 set(CPPREST_VERSION_MAJOR 2)
 set(CPPREST_VERSION_MINOR 10)
-set(CPPREST_VERSION_REVISION 18)
+set(CPPREST_VERSION_REVISION 19)
 
 enable_testing()
 

@@ -296,13 +296,14 @@ class uri
     /// A loopback URI is one which refers to a hostname or ip address with meaning only on the local machine.
     /// </summary>
     /// <remarks>
-    /// Examples include "localhost", or ip addresses in the loopback range (127.0.0.0/24).
+    /// Examples include "localhost", or "127.0.0.1". The only URIs for which this method returns true are "127.0.0.1", and "localhost",
+    /// all other URIs return false
     /// </remarks>
     /// <returns><c>true</c> if this URI references the local host, <c>false</c> otherwise.</returns>
     bool is_host_loopback() const
     {
         return !is_empty() &&
-               ((host() == _XPLATSTR("localhost")) || (host().size() > 4 && host().substr(0, 4) == _XPLATSTR("127.")));
+               ((host() == _XPLATSTR("localhost")) || (host() == _XPLATSTR("127.0.0.1")));
     }
 
     /// <summary>

@@ -1574,7 +1574,7 @@ class SafeCastHelper<bool, T, CastToBool>
     }
 
     template<typename E>
-    static void CastThrow(bool b, T& t) SAFEINT_CPP_THROW
+    static void CastThrow(T t, bool& b) SAFEINT_CPP_THROW
     {
         b = !!t;
     }

@@ -71,12 +71,20 @@
 
 #ifdef _NO_ASYNCRTIMP
 #define _ASYNCRTIMP
+#define _ASYNCRTIMP_TYPEINFO
 #else // ^^^ _NO_ASYNCRTIMP ^^^ // vvv !_NO_ASYNCRTIMP vvv
 #ifdef _ASYNCRT_EXPORT
 #define _ASYNCRTIMP __declspec(dllexport)
 #else // ^^^ _ASYNCRT_EXPORT ^^^ // vvv !_ASYNCRT_EXPORT vvv
 #define _ASYNCRTIMP __declspec(dllimport)
 #endif // _ASYNCRT_EXPORT
+
+#if defined(_WIN32)
+#define _ASYNCRTIMP_TYPEINFO
+#else // ^^^ _WIN32 ^^^ // vvv !_WIN32 vvv
+#define _ASYNCRTIMP_TYPEINFO __attribute__((visibility("default")))
+#endif // _WIN32
+
 #endif // _NO_ASYNCRTIMP
 
 #ifdef CASABLANCA_DEPRECATION_NO_WARNINGS

@@ -190,6 +190,7 @@ DAT(expires_in,                     "expires_in")
 DAT(grant_type,                     "grant_type")
 DAT(redirect_uri,                   "redirect_uri")
 DAT(refresh_token,                  "refresh_token")
+DAT(client_credentials,             "client_credentials")
 DAT(response_type,                  "response_type")
 DAT(scope,                          "scope")
 DAT(state,                          "state")

@@ -187,7 +187,7 @@ class header_names
 /// <summary>
 /// Represents an HTTP error. This class holds an error message and an optional error code.
 /// </summary>
-class http_exception : public std::exception
+class _ASYNCRTIMP_TYPEINFO http_exception : public std::exception
 {
 public:
     /// <summary>

@@ -100,25 +100,37 @@ class value
     /// Constructor creating a JSON number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
-    _ASYNCRTIMP value(int32_t value);
+    _ASYNCRTIMP value(int value);
 
     /// <summary>
     /// Constructor creating a JSON number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
-    _ASYNCRTIMP value(uint32_t value);
+    _ASYNCRTIMP value(unsigned value);
 
     /// <summary>
     /// Constructor creating a JSON number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
-    _ASYNCRTIMP value(int64_t value);
+    _ASYNCRTIMP value(long value);
 
     /// <summary>
     /// Constructor creating a JSON number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
-    _ASYNCRTIMP value(uint64_t value);
+    _ASYNCRTIMP value(unsigned long value);
+
+    /// <summary>
+    /// Constructor creating a JSON number value
+    /// </summary>
+    /// <param name="value">The C++ value to create a JSON value from</param>
+    _ASYNCRTIMP value(long long value);
+
+    /// <summary>
+    /// Constructor creating a JSON number value
+    /// </summary>
+    /// <param name="value">The C++ value to create a JSON value from</param>
+    _ASYNCRTIMP value(unsigned long long value);
 
     /// <summary>
     /// Constructor creating a JSON number value
@@ -222,28 +234,42 @@ class value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
     /// <returns>A JSON number value</returns>
-    static _ASYNCRTIMP value __cdecl number(int32_t value);
+    static _ASYNCRTIMP value __cdecl number(int value);
+
+    /// <summary>
+    /// Creates a number value
+    /// </summary>
+    /// <param name="value">The C++ value to create a JSON value from</param>
+    /// <returns>A JSON number value</returns>
+    static _ASYNCRTIMP value __cdecl number(unsigned value);
+
+    /// <summary>
+    /// Creates a number value
+    /// </summary>
+    /// <param name="value">The C++ value to create a JSON value from</param>
+    /// <returns>A JSON number value</returns>
+    static _ASYNCRTIMP value __cdecl number(long value);
 
     /// <summary>
     /// Creates a number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
     /// <returns>A JSON number value</returns>
-    static _ASYNCRTIMP value __cdecl number(uint32_t value);
+    static _ASYNCRTIMP value __cdecl number(unsigned long value);
 
     /// <summary>
     /// Creates a number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
     /// <returns>A JSON number value</returns>
-    static _ASYNCRTIMP value __cdecl number(int64_t value);
+    static _ASYNCRTIMP value __cdecl number(long long value);
 
     /// <summary>
     /// Creates a number value
     /// </summary>
     /// <param name="value">The C++ value to create a JSON value from</param>
     /// <returns>A JSON number value</returns>
-    static _ASYNCRTIMP value __cdecl number(uint64_t value);
+    static _ASYNCRTIMP value __cdecl number(unsigned long long value);
 
     /// <summary>
     /// Creates a Boolean value
@@ -1218,10 +1244,12 @@ class number
     // convert to unsigned int64). This helps handling number objects e.g. comparing two numbers.
 
     number(double value) : m_value(value), m_type(double_type) {}
-    number(int32_t value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {}
-    number(uint32_t value) : m_intval(value), m_type(unsigned_type) {}
-    number(int64_t value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {}
-    number(uint64_t value) : m_uintval(value), m_type(unsigned_type) {}
+    number(int value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {}
+    number(unsigned value) : m_intval(value), m_type(unsigned_type) {}
+    number(long value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {}
+    number(unsigned long value) : m_uintval(value), m_type(unsigned_type) {}
+    number(long long value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {}
+    number(unsigned long long value) : m_uintval(value), m_type(unsigned_type) {}
 
 public:
     /// <summary>
@@ -1438,10 +1466,12 @@ class _Number : public _Value
 {
 public:
     _Number(double value) : m_number(value) {}
-    _Number(int32_t value) : m_number(value) {}
-    _Number(uint32_t value) : m_number(value) {}
-    _Number(int64_t value) : m_number(value) {}
-    _Number(uint64_t value) : m_number(value) {}
+    _Number(int value) : m_number(value) {}
+    _Number(unsigned value) : m_number(value) {}
+    _Number(long value) : m_number(value) {}
+    _Number(unsigned long value) : m_number(value) {}
+    _Number(long long value) : m_number(value) {}
+    _Number(unsigned long long value) : m_number(value) {}
 
     virtual std::unique_ptr<_Value> _copy_value() { return utility::details::make_unique<_Number>(*this); }
 

@@ -284,6 +284,21 @@ class oauth2_config
         return _request_token(ub);
     }
 
+    /// <summary>
+    /// Fetches an access token from the token endpoint using client credentials grant type.
+    /// The task creates an HTTP request to the token_endpoint() using
+    /// client authentication as the authorization grant.
+    /// See: http://tools.ietf.org/html/rfc6749#section-4.4
+    /// </summary>
+    /// <returns>Task that fetches token(s) using client credentials.</returns>
+    pplx::task<void> token_from_client_credentials()
+    {
+        uri_builder ub;
+        ub.append_query(
+            details::oauth2_strings::grant_type, details::oauth2_strings::client_credentials, false);
+        return _request_token(ub);
+    }
+
     /// <summary>
     /// Returns enabled state of the configuration.
     /// The oauth2_handler will perform OAuth 2.0 authentication only if

@@ -584,7 +584,7 @@ class basic_producer_consumer_buffer : public streams::details::streambuf_state_
             // If front block is not empty - we are done
             if (m_blocks.front()->rd_chars_left() > 0) break;
 
-            // The block has no more data to be read. Relase the block
+            // The block has no more data to be read. Release the block
             m_blocks.pop_front();
         }
     }

@@ -5,6 +5,6 @@
  */
 #define CPPREST_VERSION_MINOR 10
 #define CPPREST_VERSION_MAJOR 2
-#define CPPREST_VERSION_REVISION 18
+#define CPPREST_VERSION_REVISION 19
 
 #define CPPREST_VERSION (CPPREST_VERSION_MAJOR * 100000 + CPPREST_VERSION_MINOR * 100 + CPPREST_VERSION_REVISION)
@@ -38,31 +38,48 @@ web::json::value::value()
 {
 }
 
-web::json::value::value(int32_t value)
+web::json::value::value(int value)
     : m_value(utility::details::make_unique<web::json::details::_Number>(value))
 #ifdef ENABLE_JSON_VALUE_VISUALIZER
     , m_kind(value::Number)
 #endif
 {
 }
 
-web::json::value::value(uint32_t value)
+web::json::value::value(unsigned value)
     : m_value(utility::details::make_unique<web::json::details::_Number>(value))
 #ifdef ENABLE_JSON_VALUE_VISUALIZER
     , m_kind(value::Number)
 #endif
 {
 }
 
-web::json::value::value(int64_t value)
+
+web::json::value::value(long value)
     : m_value(utility::details::make_unique<web::json::details::_Number>(value))
 #ifdef ENABLE_JSON_VALUE_VISUALIZER
     , m_kind(value::Number)
 #endif
 {
 }
 
-web::json::value::value(uint64_t value)
+web::json::value::value(unsigned long value)
+    : m_value(utility::details::make_unique<web::json::details::_Number>(value))
+#ifdef ENABLE_JSON_VALUE_VISUALIZER
+    , m_kind(value::Number)
+#endif
+{
+}
+
+web::json::value::value(long long value)
+    : m_value(utility::details::make_unique<web::json::details::_Number>(value))
+#ifdef ENABLE_JSON_VALUE_VISUALIZER
+    , m_kind(value::Number)
+#endif
+{
+}
+
+web::json::value::value(unsigned long long value)
     : m_value(utility::details::make_unique<web::json::details::_Number>(value))
 #ifdef ENABLE_JSON_VALUE_VISUALIZER
     , m_kind(value::Number)
@@ -162,13 +179,17 @@ web::json::value web::json::value::null() { return web::json::value(); }
 
 web::json::value web::json::value::number(double value) { return web::json::value(value); }
 
-web::json::value web::json::value::number(int32_t value) { return web::json::value(value); }
+web::json::value web::json::value::number(int value) { return web::json::value(value); }
+
+web::json::value web::json::value::number(unsigned value) { return web::json::value(value); }
+
+web::json::value web::json::value::number(long value) { return web::json::value(value); }
 
-web::json::value web::json::value::number(uint32_t value) { return web::json::value(value); }
+web::json::value web::json::value::number(unsigned long value) { return web::json::value(value); }
 
-web::json::value web::json::value::number(int64_t value) { return web::json::value(value); }
+web::json::value web::json::value::number(long long value) { return web::json::value(value); }
 
-web::json::value web::json::value::number(uint64_t value) { return web::json::value(value); }
+web::json::value web::json::value::number(unsigned long long value) { return web::json::value(value); }
 
 web::json::value web::json::value::boolean(bool value) { return web::json::value(value); }
 

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
@@ -1,3 +1,12 @@
+cpprestsdk (2.10.19)
+* PR#1982 make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly. 
+  The old behavior could potentially return "true" for URLs that were not, in fact, local,
+  and this could cause security issues if is_host_loopback was used in certain ways.
+* PR#1711 Fix likely typo in SafeInt3.hpp, that results in error with clang 15
+* PR#1496 Support for oauth2 with "client_credentials" grant type.
+* PR#1429 Add constructor from all integer types for json value.
+* PR#1577 export http_exception for non Windows builds using visibility macros.
+
 cpprestsdk (2.10.18)
 * PR#1571 Add ability to parse and emit the NT Epoch 1601-01-01T00:00:00Z
 * PR#1571 Update vcpkg submodule