Skip to content

v7.8.4

Latest

Choose a tag to compare

@stephenberry stephenberry released this 02 Jul 16:40

Fixes

  • fix out-of-bounds read in jmespath negative-step slice by @uwezkhan in #2670
  • Fix jmespath negative single index and negative-step slice bounds by @stephenberry in #2673
  • reject conflicting content-length headers in try_parse_request by @uwezkhan in #2667
  • bound get_view_json seek separator check against end of input by @uwezkhan in #2679
  • drop header fields with CR or LF when serializing http messages by @uwezkhan in #2677
  • bound cbor eigen matrix read to the matrix's storage by @uwezkhan in #2680
  • guard char escape read against end of non-null-terminated input by @uwezkhan in #2681
  • enforce rfc 6455 frame masking in process_frames by @uwezkhan in #2674
  • bound async response body to content-length in http_client by @uwezkhan in #2684

Full Changelog: v7.8.3...v7.8.4