Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 3 commits
- 4 files changed
- 4 contributors
Commits on May 22, 2025
Commits on Jun 4, 2025
-
Fix ReDoS and consistency in multipart regexes
[CVE-2025-49007] There is a ReDoS in multipart parsing here because it is not anchored to the start of a line and so may match as part of its comments. Previously in f92e056 Content-ID and Content-Type were changed to only accept tab and space as whitespace characters. Although that's what the various RFCs show as their BNF, I that's supposed to be interpreted _after_ lines have been unfolded and so we need to allow FWS "Foldable White Space". CR is not allowed unescaped as part of quoted-string. It might be technically valid with a leading backslash, but I don't believe that case is worth supporting. Co-authored-by: Matthew Draper <matthew@trebex.net>
-
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v3.1.15...v3.1.16