Changelog for
libhtp-devel-0.5.48-lp151.38.1.x86_64.rpm :
* Thu Apr 25 2024 Martin Hauke
- Update to version 0.5.48
* decompressor: only take erroneous data on first try
* autotools: run autoupdate to modernize build system- Update to version 0.5.47
* request: limit probing after missing protocol
* Mon Feb 19 2024 Otto Hollmann - Update to version 0.5.46
* tx: configurable number of maximum transactions
* htp: offers possibility to remove transactions
* headers: limit the size of folded headers
* request: be more liberal about transfer-encoding value
* request: continue processing even with invalid headers
* http0.9: process headers if there are non-space characters
* htp_util: fix spelling issue
* src: fix -Wshorten-64-to-32 warnings
* uri: normalization removes trailing spaces
* CVE-2024-23837 - Critical severity
* Thu Jul 27 2023 Otto Hollmann - Update to version 0.5.45
* log: resist allocation failure
* support HTTP Bearer authentication
* Tue Jun 20 2023 Otto Hollmann - Update to version 0.5.44
* response: only trim spaces at headers names end
* response: skips lines before response line
* headers: log a warning for chunks extension
* Fri Apr 21 2023 Otto Hollmann - Update to version 0.5.43
* htp: do not log content-encoding: none
* htp: do not error on multiple 100 Continue
* readme: remove note on libhtp not being stable
* uri: fix compile warning strict-prototypes
* bstr: fix compile warning strict-prototypes
* fuzz_diff: Free the rust test object.
* github: add CIFuzz workflow
* Tue Nov 29 2022 Michael Ströder - Update to version 0.5.42
* github: add initial workflow
* htp: fixes warning about bad delimiter in URI
* fuzz: fix a null dereference in a diff report
* htp: fixes warning about integer
* Wed Sep 28 2022 Michael Ströder - Update to version 0.5.41
* trim white space of invalid folding for first header
* clear buffered data for body data
* minor optimization for decompression code
* Mon Jun 27 2022 Otto Hollmann - Update to version 0.5.40
* uri: optionally allows spaces in uri
* ints: integer handling improvements
* headers: continue on nul byte
* headers: consistent trailing space handling
* list: fix integer overflow
* util: remove unused htp_utf8_decode
* fix 100-continue with CL 0
* lzma: don\'t do unnecessary realloc
* Thu Nov 18 2021 Martin Hauke - Update to version 0.5.39
* host: ipv6 address is a valid host
* util: one char is not always empty line
* test and fuzz improvements
* Sun Jul 04 2021 Martin Hauke - Update to version 0.5.38
* consume empty lines when parsing chunks to avoid quadratic complexity.
* Wed Mar 03 2021 Martin Hauke - Update to version 0.5.37
* support request body decompression
* several accuracy fixes
* fuzz improvments
* Fri Dec 04 2020 Martin Hauke - Update to version 0.5.36
* fix a http pipelining issue
* Fri Oct 09 2020 Martin Hauke - Update to version 0.5.35
* fix memory leak in tunnel traffoc
* fix case where chunked data causes excessive CPU use
* Sun Sep 13 2020 Martin Hauke - Update to version 0.5.34
* support data GAP handling
* support 100-continue Expect
* lzma: give more control over settings
* Wed Apr 29 2020 Martin Hauke - Update to version 0.5.33
* compression bomb protection
* memory handling issue found by Oss-Fuzz
* improve handling of anomalies in traffic
* Sun Dec 15 2019 Martin Hauke - Update to version 0.5.32
* bug fixes around pipelining
* Tue Sep 24 2019 Martin Hauke - Udpate to version 0.5.31
* various improvements related to \'HTTP Evader\'
* various fixes for issues found by oss-fuzz
* adds optional LZMA decompression
* Tue Mar 26 2019 Martin Hauke - Correct License
* Thu Mar 07 2019 Martin Hauke - Update to version 0.5.30
* array/list handing optimization
* fuzz targets improvements- Update to version 0.5.29
* prepare for oss-fuzz integration
* fix undefined behavior signed int overflow
* make status code parsing more robust
* Sun Dec 16 2018 mardnhAATTgmx.de- Update to version 0.5.28
* Fix potential memory leaks
* Fix string truncation compile warning
* Wed Jul 18 2018 mardnhAATTgmx.de- Update to version 0.5.27
* Folded header field can be parsed as separate if there are no data available to peek into [#159]
* libhtp crash at deal multiple decompression [#158]
* Fix configure flag handling
* Fix auth/digist header parsing out of bounds read
* Sun Jun 03 2018 mardnhAATTgmx.de- Specfile cleanup- Update to version 0.5.26
* allow missing requests [#128, #163]
* fix memory leak when response line is body [#161]
* fix build on MinGW [#162]
* fix gcc7 compiler warnings [#157]- Update to version 0.5.25
* underscore in htp_validate_hostname [#149]
* fix SONAME issue [#151]
* remove unrelated docbook code from tree [#153]- Update to version 0.5.24
* fix HTTP connect handling issue [#150]