1.4.0 – 2020-04-07¶
Security¶
Prevent users from receiving an invalid authority parsed from a malicious URL. Previously we did not stop parsing the authority section at the first backslash (
\\
) character. As a result, it was possible to trick our parser into parsing up to the first forward-slash (/
) and thus generating an invalid authority.See also GitHub pr-64 and the blog post that sparked this change
Bug Fixes and Features¶
Add
from_uri
toURIBuilder
to allow creation of aURIBuilder
from an existing URI.See also GitHub pr-63
Fix a typographical error in our documentation.
See also GitHub pr-61