Node.js v6.7.0 (Current) 发布,多个重要更新
http: CVE-2016-5325 - Properly validate for allowable characters in the reason argument inServerResponse#writeHead(). Fixes a possible response splitting attack vector. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. Originally reported independently by Evan Lucas and Romain Gaucher. (Evan Lucas) nodejs/node-private#60
页:
[1]