nlsj1985
nlsj1985
@Kludex httptools 5.0.0 just got released with the CVE fixes in llhttp. It seems it will get included in uvicorn automatically when you create a release, but i'm not sure....
note. I made a PR in the httptools project for the latest llhttp (v6.0.10) update.. but guess it's wise to first proceed with this httptools 0.5.0 in uvicorn 0.19.0 and...
httptools v5.0.0 contains llhttp release/v6.0.9, this included some fixes for the 3 CVE's that where done in llhttp release/v6.0.7 llhttp release/v6.0.10 seems to update a resolution for CVE-2022-32213: Disable chunked...
Yeah, sorry I thought one could read the hackerone reports after registering, but they aren't public (i can't access them also). The release/change notes where a bit fuzzy when i...
Thanks also!