cb8a34d785 (master): [ruby/net-http] Validate Content-Type value set by set_content_type
0 views
Skip to first unread message
Hiroshi SHIBATA
Jun 9, 2026, 9:51:25 PM (11 hours ago) Jun 9
to ruby...@g.ruby-lang.org
Hiroshi SHIBATA 2026-06-10 00:59:16 +0000 (Wed, 10 Jun 2026)
New Revision: cb8a34d785
https://github.com/ruby/ruby/commit/cb8a34d785
Log:
[ruby/net-http] Validate Content-Type value set by set_content_type
set_content_type assigned to @header directly, bypassing the CR/LF
validation in set_field, so a crafted media type or parameter could
inject header lines.
https://github.com/ruby/net-http/commit/5fe0f96190
Co-Authored-By: Claude Fable 5 <nor...@anthropic.com>
Modified files:
lib/net/http/header.rb
test/net/http/test_httpheader.rb
New Revision: cb8a34d785
https://github.com/ruby/ruby/commit/cb8a34d785
Log:
[ruby/net-http] Validate Content-Type value set by set_content_type
set_content_type assigned to @header directly, bypassing the CR/LF
validation in set_field, so a crafted media type or parameter could
inject header lines.
https://github.com/ruby/net-http/commit/5fe0f96190
Co-Authored-By: Claude Fable 5 <nor...@anthropic.com>
Modified files:
lib/net/http/header.rb
test/net/http/test_httpheader.rb
Reply all
Reply to author
Forward
0 new messages