Subject: Re: [boost] [beast] Security
From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2017-12-13 03:26:02
On Mon, Jul 3, 2017 at 9:42 AM, Phil Endecott via Boost
> To what extent do we think that Beast should be "secure"? I am
> thinking mostly about handling malicious input.
> Has it been reviewed by anyone with specific experience of how
> HTTP can be attacked? Has it been "fuzzed"?
We now have the answer to this question:
Bishop Fox did find one serious vulnerability in the processing of
compressed websocket frames. This flaw was fixed in time for Boost
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk