Changelog for
libhtp-devel-0.5.49-67.2.x86_64.rpm :
* Thu Oct 03 2024 Martin Hauke
- Update to version 0.5.49
* headers: put a configurable limit on their numbers.
* htp/table: only fetch element when needed.
* fuzz: limits the number of transactions.
* fuzz: improve debug output.
* fuzz: flush to get full assertion text.
* request: trim headers values also when there is no name.
* Sat Jun 01 2024 Andreas Stieger - run tests, spec file tweaks
* Thu Apr 25 2024 Martin Hauke - Update to version 0.5.48
* decompressor: only take erroneous data on first try
* autotools: run autoupdate to modernize build system- Update to version 0.5.47
* CVE-2024-28871 request: limit probing after missing protocol (boo#1222512)
* Mon Feb 19 2024 Otto Hollmann - Update to version 0.5.46
* tx: configurable number of maximum transactions
* htp: offers possibility to remove transactions
* headers: limit the size of folded headers
* request: be more liberal about transfer-encoding value
* request: continue processing even with invalid headers
* http0.9: process headers if there are non-space characters
* htp_util: fix spelling issue
* src: fix -Wshorten-64-to-32 warnings
* uri: normalization removes trailing spaces
* CVE-2024-23837: excessive processing time of HTTP headers can lead to a denial of service (boo#1220403)
* Thu Jul 27 2023 Otto Hollmann - Update to version 0.5.45
* log: resist allocation failure
* support HTTP Bearer authentication
* Tue Jun 20 2023 Otto Hollmann - Update to version 0.5.44
* response: only trim spaces at headers names end
* response: skips lines before response line
* headers: log a warning for chunks extension
* Fri Apr 21 2023 Otto Hollmann - Update to version 0.5.43
* htp: do not log content-encoding: none
* htp: do not error on multiple 100 Continue
* readme: remove note on libhtp not being stable
* uri: fix compile warning strict-prototypes
* bstr: fix compile warning strict-prototypes
* fuzz_diff: Free the rust test object.
* github: add CIFuzz workflow
* Tue Nov 29 2022 Michael Ströder - Update to version 0.5.42
* github: add initial workflow
* htp: fixes warning about bad delimiter in URI
* fuzz: fix a null dereference in a diff report
* htp: fixes warning about integer
* Wed Sep 28 2022 Michael Ströder - Update to version 0.5.41
* trim white space of invalid folding for first header
* clear buffered data for body data
* minor optimization for decompression code
* Mon Jun 27 2022 Otto Hollmann - Update to version 0.5.40
* uri: optionally allows spaces in uri
* ints: integer handling improvements
* headers: continue on nul byte
* headers: consistent trailing space handling
* list: fix integer overflow
* util: remove unused htp_utf8_decode
* fix 100-continue with CL 0
* lzma: don\'t do unnecessary realloc
* Thu Nov 18 2021 Martin Hauke - Update to version 0.5.39
* host: ipv6 address is a valid host
* util: one char is not always empty line
* test and fuzz improvements
* Sun Jul 04 2021 Martin Hauke - Update to version 0.5.38
* consume empty lines when parsing chunks to avoid quadratic complexity.
* Wed Mar 03 2021 Martin Hauke - Update to version 0.5.37
* support request body decompression
* several accuracy fixes
* fuzz improvments