Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Merging internal commits for release/6.0 #40073
Open
+221
−88
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… HTTP/3 request headers MSRC Case Opened: 68921 - ASP.NET Core - Kestrel overpooling of HTTP/2 and HTTP/3 request headers leads to DoS CRM:0802002372 Summary of the changes (Less than 80 chars) ## Description Kestrel now correctly calls OnHeadersComplete after parsing request headers so unused headers are removed from headers collection. Prevents headers building up over time and exhausting memory. ## Customer Impact Potential DoS attack ## Regression? - [ ] Yes - [x] No [If yes, specify the version the behavior has regressed from] ## Risk - [ ] High - [x] Medium - [ ] Low The change is small but this code is on the critical path of a request. It is executed with every HTTP/2 and HTTP/3 request. ## Verification - [X] Manual (required) - [x] Automated ## Packaging changes reviewed? - [ ] Yes - [ ] No - [x] N/A ---- ## When servicing release/2.1 - [ ] Make necessary changes in eng/PatchConfig.props
https://dev.azure.com/dnceng/internal/_git/dotnet-aspnetcore/pullrequest/20330 added some tests that didn't compile in 6.0
…t-runtime dnceng/internal/dotnet-efcore - Fixup - Fixup - Remove dotnetcliruntime, fix extension - Make sure dotnetcliruntime is set - !fixup! Remove extra `?` from URI - Download Runtime correlation payload - Move from alpine 3.9 to 3.14
…t-efcore dnceng/internal/dotnet-runtime - Pass feed properties to source-build - Point helix.proj dotnetcli payload to dotnetbuilds/internal - Update RuntimeSourceFeed and RuntimeSourceFeedKey for dotnetbuilds - Change `$(DotNetPrivateAssetRootUrl)`
…-merge-6.0-2022-02-08-1020
|
Hi @vseanreesermsft. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
No description provided.
The text was updated successfully, but these errors were encountered: