[Bug 69844] New: WebSocket client does not validate that data sent from the server is unmasked

bugzilla Tue, 07 Oct 2025 01:24:34 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=69844


            Bug ID: 69844
           Summary: WebSocket client does not validate that data sent from
                    the server is unmasked
           Product: Tomcat 11
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebSocket
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -------

Required by RFC 6455 5.1

"A client MUST close a connection if it detects a masked
 frame.  In this case, it MAY use the status code 1002 (protocol
 error) as defined in Section 7.4.1. "

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 69844] New: WebSocket client does not validate that data sent from the server is unmasked

Reply via email to