[UNDERTOW-2323][UNDERTOW-2311][UNDERTOW-2310][UNDERTOW-2327] CVE-2023-44487 backport fixes to branch 2.2.x #1526

Merged
merged 6 commits into from
Oct 17, 2023


ropalka and others added 4 commits October 17, 2023 08:16
…responses to rst streams can be handled correctly.

The cache is cleaned after a while (current default value is set to 1 minute). If, during that time, a response to a canceled request stream is received from the server, the channel will be able to detect it is not a protocol error but just a matter of timing: the server responded to the request before receiving and processing the rst frame.

Signed-off-by: Flavia Rainone <[email protected]>
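
The timing window described in the commit message above, as an added example that is not code from this PR or from Undertow: a time-bounded record of locally reset stream ids, consulted when a frame arrives for a stream that is no longer open. The class, method and enum names are hypothetical, and the entry cap is an assumption added so the record itself stays bounded; only the 1 minute default comes from the commit message.

```java
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.LongSupplier;

// Added illustration; all names here are hypothetical, not Undertow's.
public class ResetStreamCache {
    enum Verdict { LATE_RESPONSE, PROTOCOL_ERROR }

    private final long ttlMillis;     // commit message states a 1 minute default
    private final int maxEntries;     // assumption: hard cap on remembered streams
    private final LongSupplier clock; // injectable millisecond clock
    // Insertion-ordered, so the oldest reset is always first.
    private final LinkedHashMap<Integer, Long> resetAt = new LinkedHashMap<>();

    ResetStreamCache(long ttlMillis, int maxEntries, LongSupplier clock) {
        this.ttlMillis = ttlMillis;
        this.maxEntries = maxEntries;
        this.clock = clock;
    }

    // Call when this endpoint sends RST_STREAM for streamId.
    synchronized void recordReset(int streamId) {
        purgeExpired();
        resetAt.remove(streamId); // re-insert to keep oldest-first order
        resetAt.put(streamId, clock.getAsLong());
        if (resetAt.size() > maxEntries) { // evict the oldest entry
            Iterator<Integer> it = resetAt.keySet().iterator();
            it.next();
            it.remove();
        }
    }

    // Call when a frame arrives for a stream that is no longer open.
    synchronized Verdict onFrameForClosedStream(int streamId) {
        purgeExpired();
        return resetAt.containsKey(streamId) ? Verdict.LATE_RESPONSE : Verdict.PROTOCOL_ERROR;
    }

    private void purgeExpired() {
        long cutoff = clock.getAsLong() - ttlMillis;
        Iterator<Map.Entry<Integer, Long>> it = resetAt.entrySet().iterator();
        while (it.hasNext() && it.next().getValue() <= cutoff) it.remove();
    }

    public static void main(String[] args) {
        long[] now = {0}; // constructed fake clock
        ResetStreamCache cache = new ResetStreamCache(60_000, 1024, () -> now[0]);
        cache.recordReset(3);
        now[0] = 5_000;  System.out.println(cache.onFrameForClosedStream(3)); // inside the window
        System.out.println(cache.onFrameForClosedStream(7));                  // never reset
        now[0] = 61_000; System.out.println(cache.onFrameForClosedStream(3)); // entry expired
    }
}
```
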
@fl4via fl4via added the backport The PR is the result of backporting another PR to a maintainance branch label Oct 17, 2023
…f requests followed by rst frames canceling the requests can cause a denial of service

Signed-off-by: Flavia Rainone <[email protected]>
…t gets a connection closed by goaway before processing the responses from server

Signed-off-by: Flavia Rainone <[email protected]>
@fl4via fl4via merged commit 48f35cf into undertow-io:2.2.x Oct 17, 2023
34 checks passed
@fl4via fl4via deleted the 2.2.x-backport-fixes branch October 17, 2023 14:36