Search
Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

HTTP

JLSEC-2026-611Unbounded HTTP/2 concurrent streams and Rapid Reset denial of service in HTTP.jl serverJLSEC-2026-612Path traversal in the HTTP.jl static file server via separator/absolute path segmentsJLSEC-2026-613Redirect credential leakage across scheme/port in HTTP.jlJLSEC-2026-614WebSocket default Origin check ignores scheme and port in HTTP.jlJLSEC-2026-615Cookie jar accepts Secure/__Host-/__Secure- cookies from non-secure origins in HTTP.jlJLSEC-2026-616HTTP/1 client request smuggling via CR/LF in method, target, or host in HTTP.jlJLSEC-2026-617Open redirect in the HTTP.jl static file server canonical redirectsJLSEC-2026-618HTTP/1 request smuggling via bare-LF, lenient chunk size, and TE/CL handling in HTTP.jl s…JLSEC-2026-619CR/LF injection in server-sent events (SSE) fields in HTTP.jlJLSEC-2026-620WebSocket reader data race in auto-PONG/CLOSE-echo handling in HTTP.jlJLSEC-2026-621Thread-safety and out-of-bounds reads in the HTTP.jl content-type snifferJLSEC-2026-622Predictable WebSocket masking key and handshake nonce in HTTP.jl clientJLSEC-2026-623Insufficient HTTP/2 pseudo-header and Host/:authority validation in HTTP.jl serverJLSEC-2026-624HTTP/2 client HPACK desynchronization via header blocks for unknown streams in HTTP.jlJLSEC-2025-40Header injection/Response splitting via header construction.JLSEC-2025-1CR/LF injection in URIs.jl (also affects HTTP.jl)