Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-08-15 | http2: handle 0-length headers better | Anna Henningsen | |
Ignore headers with 0-length names and track memory for headers the way we track it for other HTTP/2 session memory too. This is intended to mitigate CVE-2019-9516. PR-URL: https://github.com/nodejs/node/pull/29122 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> |