- Fixed HTTP request smuggling via spaced headers (CVE‑2021‑22959)
- Fixed HTTP request smuggling via chunk extensions in chunked bodies (CVE‑2021‑22960)
- Updated llhttp to 6.0.4 and added regression tests for both issues
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.