Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't allow CRLF in headers #2258

Merged
merged 1 commit into from
Aug 29, 2024
Merged

Don't allow CRLF in headers #2258

merged 1 commit into from
Aug 29, 2024

Conversation

alexeyzimarev
Copy link
Member

Description

Fixes potential exposure of applications that use RestSharp and allow users to provide header values to execute a request with CRLF in the header value possibly causing SSRF.

Purpose

This pull request is a:

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

It's breaking change since some users might be required to send invalid header values. Also, the new version is not binary-compatible with the previous version, so the fix will be released as a major version.

@alexeyzimarev alexeyzimarev merged commit 0fba5e7 into dev Aug 29, 2024
10 checks passed
@repo-ranger repo-ranger bot deleted the forbid-cr-lf-header branch August 29, 2024 19:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant