git.ipfire.org Git - thirdparty/asterisk.git/commit
http.c: Change httpstatus to default disabled and sanitize output.
author George Joseph <gjoseph@sangoma.com>
Thu, 15 Jan 2026 18:46:21 +0000 (11:46 -0700)
committer github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Thu, 5 Feb 2026 15:25:18 +0000 (15:25 +0000)
commit 06486a2f606d69a24aca96c102d7e8260e48e1f2
tree 6ec54c2e491d85963bb31be165f734b0632891b7
parent a1c7ab47ca14dc41822bf5f44a5fd5cb563daa68

To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.

Resolves: #GHSA-v6hp-wh3r-cwxh

UpgradeNote: To prevent possible security issues, the `/httpstatus` page
served by the internal web server is now disabled by default.  To explicitly
enable it, set `enable_status=yes` in http.conf.

configs/samples/http.conf.sample
main/http.c