net/http: invalid headers are normalized, allowing request smuggling [1.13 backport] #34542

gopherbot · 2019-09-25T21:42:46Z

@FiloSottile requested issue #34540 to be considered for backport to the next 1.13 minor release.

@gopherbot Please open backport issues for this. This was a security problem.

FiloSottile · 2019-09-25T21:43:36Z

Fixed in 5a6ab1e.

gopherbot added the CherryPickCandidate Used during the release process for point releases label Sep 25, 2019

gopherbot mentioned this issue Sep 25, 2019

net/http: invalid headers are normalized, allowing request smuggling #34540

Closed

gopherbot added this to the Go1.13.2 milestone Sep 25, 2019

FiloSottile modified the milestones: Go1.13.2, Go1.13.1 Sep 25, 2019

FiloSottile closed this as completed Sep 25, 2019

FiloSottile added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Sep 26, 2019

howardjohn mentioned this issue Sep 27, 2019

Upgrade to golang 1.13.1 istio/tools#379

Merged

mholt mentioned this issue Oct 31, 2019

reverseproxy: avoid panic if failed to parse url caddyserver/caddy#2848

Closed

4 tasks

golang locked and limited conversation to collaborators Sep 25, 2020

gopherbot added the FrozenDueToAge label Sep 25, 2020

tatianab added the Security label Aug 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

net/http: invalid headers are normalized, allowing request smuggling [1.13 backport] #34542

net/http: invalid headers are normalized, allowing request smuggling [1.13 backport] #34542

gopherbot commented Sep 25, 2019

FiloSottile commented Sep 25, 2019

net/http: invalid headers are normalized, allowing request smuggling [1.13 backport] #34542

net/http: invalid headers are normalized, allowing request smuggling [1.13 backport] #34542

Comments

gopherbot commented Sep 25, 2019

FiloSottile commented Sep 25, 2019