Message390415
> header = '' + ',' * (10 ** 5)
I guess that a more generic protection against future attacks would be to limit the maximum length of a HTTP header. 100,000 characters for a HTTP Basic authentification does not sound reasonable.
But for now, let's fix the regex. |
|
Date |
User |
Action |
Args |
2021-04-07 10:59:29 | vstinner | set | recipients:
+ vstinner, orsenthil, serhiy.storchaka, yetingli |
2021-04-07 10:59:29 | vstinner | set | messageid: <1617793169.33.0.308238233599.issue43075@roundup.psfhosted.org> |
2021-04-07 10:59:29 | vstinner | link | issue43075 messages |
2021-04-07 10:59:29 | vstinner | create | |
|