> A few weeks ago, Matthew Daley found a security vulnerability in Node's HTTP implementation,
> and thankfully did the responsible thing and reported it to us via email.
> The innocuous commit message does not give away the security implications,
> precisely because we wanted to get a fix out before making a big deal about it.
> I'm extremely grateful that Matthew took the time to report the problem
> ... in such a way that we had a reasonable amount of time to fix the issue before making it public.