-
Notifications
You must be signed in to change notification settings - Fork 594
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
=doc add security advisory for decodeRequest issue (#2137) #2200
Conversation
Test PASSed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
All previosly released Akka HTTP versions are affected: | ||
|
||
* 10.1.x <= 10.1.4 | ||
* 10.0.x <= 10.0.13 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this reads a bit weird to be honest... is this the established way to show version ranges we have adopted?
I think we did - akka-http prior to
10.0.6and
2.4.11.2``
|
||
* Play and Lagom applications, even though both are using Akka HTTP as their server backend, | ||
remain unaffected by this vulnerability. This is because they implement their own content | ||
length validations on top of the underlying models (by using `BodyParser`s). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, one comment tho
Test PASSed. |
No description provided.