dann frazier Wed, 13 Nov 2019 11:57:37 -0800
Just a note that, even though I've merged these fixes, we are actually not vulnerable because we do not enable HTTP*S*BOOT in our builds. That would require setting -DNETWORK_TLS_ENABLE=TRUE at build time, which we do not do currently.