HTTP Timeout
What does this MR do and why?
- Sets timeout on http redirects to be .5 seconds.
- This is a security-related fix to resolve an issue with the HTTP listener. Resolves #327 (closed).
- This resolves CVE-2024-1064.
How to set up and validate locally
- Run http listener in Crafty
- Send http request to Crafty and reset host header to a host that not serve a reply.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
Have you checked this doesn't interfere/conflict/duplicate someone elses work? -
Have you fully tested your changes? -
Have you resolved any lint issues? -
Have you assigned a reviewer? -
Have you applied correct labels?
Edited by Iain Powrie