HTTP Timeout (!704) · Merge requests · Crafty Controller / Crafty 4

computergeek125 requested to merge tweak/http-timeout into dev Jan 31, 2024

What does this MR do and why?

Sets timeout on http redirects to be .5 seconds.
This is a security-related fix to resolve an issue with the HTTP listener. Resolves #327 (closed).
This resolves CVE-2024-1064.

How to set up and validate locally

Run http listener in Crafty
Send http request to Crafty and reset host header to a host that not serve a reply.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Have you checked this doesn't interfere/conflict/duplicate someone elses work?
Have you fully tested your changes?
Have you resolved any lint issues?
Have you assigned a reviewer?
Have you applied correct labels?

Edited Feb 02, 2024 by Iain Powrie

HTTP Timeout

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports