- Fix CVE-2021-22959: Reject HTTP headers with a space before the colon to prevent request smuggling.
- Fix CVE-2021-22960: Correctly parse chunk extensions in chunked bodies to close smuggling gap.
- Update llhttp to 2.1.4 and add regression tests for content‑length and chunked smuggling.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.