Skip to content

Release 1.79.3

Latest
Latest

Choose a tag to compare

View all tags
@easwars easwars released this 17 Mar 23:18
· 1 commit to v1.79.x since this release
v1.79.3
dda86db
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)
Assets 2
Loading