merlimat opened a new pull request, #23976: URL: https://github.com/apache/pulsar/pull/23976
Potential fix for [https://github.com/apache/pulsar/security/code-scanning/22](https://github.com/apache/pulsar/security/code-scanning/22)

To fix the problem, we need to ensure that any user-provided input used in HTTP headers is properly sanitized to prevent HTTP response splitting. This can be done by removing or escaping special characters such as CRLF from the input before using it in the response header. The best way to fix this issue is to create a method that sanitizes the input by removing or escaping special characters and then use this method to sanitize the `SASL_STATE_SERVER` header value before setting it in the response.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._
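The kind of sanitizer the description calls for, written here as an added Java example that is not the PR's own code: it strips CR, LF and the other ASCII control characters from a header value before the value is set, and also shows the stricter variant that rejects such a value instead of rewriting it. The class and method names and the sample token are assumptions; only the `SASL_STATE_SERVER` header name comes from the PR.

```java
import java.util.regex.Pattern;

public final class HeaderValueSanitizer {
    // Header name taken from the PR description; its value format is assumed here.
    public static final String SASL_STATE_SERVER = "SASL_STATE_SERVER";

    // CR (0x0D), LF (0x0A) and every other ASCII control character except horizontal tab.
    // CR/LF end a header line, so a value containing them could start a new header or body.
    private static final Pattern FORBIDDEN = Pattern.compile("[\\x00-\\x08\\x0A-\\x1F\\x7F]");

    /** Removes characters that would let a value terminate the header or inject another one. */
    public static String sanitizeHeaderValue(String value) {
        if (value == null) {
            return null;
        }
        return FORBIDDEN.matcher(value).replaceAll("");
    }

    /** Stricter alternative: refuse the value outright so the caller can fail the request. */
    public static String requireSafeHeaderValue(String value) {
        if (value != null && FORBIDDEN.matcher(value).find()) {
            throw new IllegalArgumentException("header value contains control characters");
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample: a state token carrying a CRLF that would split the response.
        String tainted = "state-123\r\nX-Injected: 1";

        String safe = sanitizeHeaderValue(tainted);
        // Prints a single header line; the CRLF is gone so no second header can appear.
        System.out.println(SASL_STATE_SERVER + ": " + safe);

        try {
            requireSafeHeaderValue(tainted);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Stripping keeps the request working with a mangled token, while rejecting surfaces the tampering as an error that can be logged; which behaviour is right depends on whether a silently altered `SASL_STATE_SERVER` value is acceptable to the authentication flow.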
