fce7fb63fc (master): [ruby/net-http] Reject CR/LF in multipart boundary
1 view
Skip to first unread message
Hiroshi SHIBATA
Jun 9, 2026, 9:51:31 PM (11 hours ago) Jun 9
to ruby...@g.ruby-lang.org
Hiroshi SHIBATA 2026-06-10 01:33:01 +0000 (Wed, 10 Jun 2026)
New Revision: fce7fb63fc
https://github.com/ruby/ruby/commit/fce7fb63fc
Log:
[ruby/net-http] Reject CR/LF in multipart boundary
A custom boundary is interpolated into the part separators as-is, so a
boundary containing CR/LF could forge part headers in the same way as
the field name and filename.
https://github.com/ruby/net-http/commit/44c480b336
Co-Authored-By: Claude Fable 5 <nor...@anthropic.com>
Modified files:
lib/net/http/generic_request.rb
test/net/http/test_http.rb
New Revision: fce7fb63fc
https://github.com/ruby/ruby/commit/fce7fb63fc
Log:
[ruby/net-http] Reject CR/LF in multipart boundary
A custom boundary is interpolated into the part separators as-is, so a
boundary containing CR/LF could forge part headers in the same way as
the field name and filename.
https://github.com/ruby/net-http/commit/44c480b336
Co-Authored-By: Claude Fable 5 <nor...@anthropic.com>
Modified files:
lib/net/http/generic_request.rb
test/net/http/test_http.rb
Reply all
Reply to author
Forward
0 new messages