Skip to content

Commit

Permalink
Add documentation for security issue
Browse files Browse the repository at this point in the history
  • Loading branch information
digitalresistor committed Dec 23, 2019
1 parent 3bcd690 commit de3324d
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions CHANGES.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
1.4.1 (2019-12-??)
------------------

Security Fixes
~~~~~~~~~~~~~~

- Waitress did not properly validate that the HTTP headers it received were
properly formed, thereby potentially allowing a front-end server to treat a
request different from Waitress. This could lead to HTTP request
smuggling/splitting.

Please see the security advisory for more information:
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4

1.4.0 (2019-12-20)
------------------

Expand Down

0 comments on commit de3324d

Please sign in to comment.