13 Dec
2017
13 Dec
'17
3:26 a.m.
On Mon, Jul 3, 2017 at 9:42 AM, Phil Endecott via Boost
To what extent do we think that Beast should be "secure"? I am thinking mostly about handling malicious input.
Has it been reviewed by anyone with specific experience of how HTTP can be attacked? Has it been "fuzzed"?
We now have the answer to this question: https://vinniefalco.github.io/BeastAssets/Beast%20-%20Hybrid%20Application%2... Linked from http://www.boost.org/doc/libs/master/libs/beast/doc/html/beast/reports.html#... Bishop Fox did find one serious vulnerability in the processing of compressed websocket frames. This flaw was fixed in time for Boost 1.66.0. Thanks