[GitHub] httpcomponents-core pull request #55: Fix request splitting

2017-12-14 Thread werehuman
Github user werehuman closed the pull request at: https://github.com/apache/httpcomponents-core/pull/55 --- - To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org

[jira] [Moved] (HTTPCLIENT-1889) org.apache.http.client.utils.URLEncodedUtils.parse() should return a new ArrayList when there are no query parameters

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory moved HTTPCORE-500 to HTTPCLIENT-1889: --- Affects Version/s: (was: 4.4.8)

[jira] [Updated] (HTTPCORE-500) org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset) should return a new ArrayList when there are no query parameters

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory updated HTTPCORE-500: -- Description: {{org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset)}} should

[jira] [Updated] (HTTPCORE-500) org.apache.http.client.utils.URLEncodedUtils.parse() should return a new ArrayList when there are no query parameters

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory updated HTTPCORE-500: -- Summary: org.apache.http.client.utils.URLEncodedUtils.parse() should return a new ArrayList

[jira] [Updated] (HTTPCORE-500) org.apache.http.client.utils.URLEncodedUtils.parse() should return a new ArrayList when there are no query parameters

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory updated HTTPCORE-500: -- Description: {{org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset)}} should

[jira] [Created] (HTTPCORE-500) org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset) should return a new ArrayList when there are no query parameters

2017-12-14 Thread Gary Gregory (JIRA)
Gary Gregory created HTTPCORE-500: - Summary: org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset) should return a new ArrayList when there are no query parameters Key: HTTPCORE-500 URL:

Re: Return values org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset)

2017-12-14 Thread Oleg Kalnichevski
On Thu, 2017-12-14 at 09:27 -0700, Gary Gregory wrote: > Thoughts? > Works for me. Oleg > Gary > > On Tue, Dec 12, 2017 at 3:52 PM, Gary Gregory > > wrote: > > > Hi All: > > > > org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset) > > > > returns an

[jira] [Commented] (HTTPCORE-439) Contribute BasicHeader override of equals() and hashCode()

2017-12-14 Thread Oleg Kalnichevski (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291700#comment-16291700 ] Oleg Kalnichevski commented on HTTPCORE-439: @[~lewijw] We need to rewrite the patch. Please

Re: Return values org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset)

2017-12-14 Thread Gary Gregory
Thoughts? Gary On Tue, Dec 12, 2017 at 3:52 PM, Gary Gregory wrote: > Hi All: > > org.apache.http.client.utils.URLEncodedUtils.parse(URI, Charset) > > returns an immutable list if there are no params and a mutable list if > there are params. > > This is trouble since

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291126#comment-16291126 ] ASF subversion and git services commented on HTTPCORE-499: -- Commit

[jira] [Commented] (HTTPCORE-439) Contribute BasicHeader override of equals() and hashCode()

2017-12-14 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291125#comment-16291125 ] ASF subversion and git services commented on HTTPCORE-439: -- Commit

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291124#comment-16291124 ] ASF subversion and git services commented on HTTPCORE-499: -- Commit

Random failures in TestSharedOutputBuffer

2017-12-14 Thread Gary Gregory
Hi All: Is anyone else seeing random failures in TestSharedOutputBuffer? [INFO] Running org.apache.hc.core5.http2.impl.nio.entity.TestSharedOutputBuffer [ERROR] Tests run: 4, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 5.367 s <<< FAILURE! - in

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291095#comment-16291095 ] Gary Gregory commented on HTTPCORE-499: --- 4.4.x is back to 'normal' with {{BasicHeader}} having

[jira] [Reopened] (HTTPCORE-439) Contribute BasicHeader override of equals and hashcode

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory reopened HTTPCORE-439: --- > Contribute BasicHeader override of equals and hashcode >

[jira] [Resolved] (HTTPCORE-439) Contribute BasicHeader override of equals() and hashCode()

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory resolved HTTPCORE-439. --- Resolution: Fixed > Contribute BasicHeader override of equals() and hashCode() >

[jira] [Updated] (HTTPCORE-439) Contribute BasicHeader override of equals() and hashCode()

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Gregory updated HTTPCORE-439: -- Summary: Contribute BasicHeader override of equals() and hashCode() (was: Contribute

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread ASF subversion and git services (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291039#comment-16291039 ] ASF subversion and git services commented on HTTPCORE-499: -- Commit

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread Gary Gregory (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16291029#comment-16291029 ] Gary Gregory commented on HTTPCORE-499: --- OK, I will fix. > Make interface Header extend

[GitHub] httpcomponents-core pull request #55: Fix request splitting

2017-12-14 Thread werehuman
GitHub user werehuman opened a pull request: https://github.com/apache/httpcomponents-core/pull/55 Fix request splitting If user has access to any header value, he can add any additional malicious header, like `Host`, `X-Forwarded-Host` or even make another HTTP request.

[jira] [Commented] (HTTPCORE-499) Make interface Header extend NameValuePair

2017-12-14 Thread Oleg Kalnichevski (JIRA)
[ https://issues.apache.org/jira/browse/HTTPCORE-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16290625#comment-16290625 ] Oleg Kalnichevski commented on HTTPCORE-499: Gary My understanding is that {{header: Foo,