Boost logo

Boost :

Subject: Re: [boost] [beast] Security
From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2017-12-13 03:26:02

On Mon, Jul 3, 2017 at 9:42 AM, Phil Endecott via Boost
<boost_at_[hidden]> wrote:
> To what extent do we think that Beast should be "secure"? I am
> thinking mostly about handling malicious input.
> Has it been reviewed by anyone with specific experience of how
> HTTP can be attacked? Has it been "fuzzed"?

We now have the answer to this question:


Linked from


Bishop Fox did find one serious vulnerability in the processing of
compressed websocket frames. This flaw was fixed in time for Boost


Boost list run by bdawes at, gregod at, cpdaniel at, john at