We’ve just released another patch release. This release includes several bug fixes, including a few security patches for wthttp:
One related to client certificates, where an internal header normally used for dedicated session processes could be spoofed and would be accepted by Wt regardless of whether it was actually behind a reverse proxy or using dedicated session processes
Another related to dedicated session processes, where X-Forwarded-Proto and X-Forwarded-Port would be trusted by the parent process, even if the parent process was not behind a reverse proxy
See the release notes for more details on the bug fixes.
We’ve just released the first bug fix release according to the new versioning scheme. As outlined in the previous post, this release brings no new features, only some bug fixes. Check the release notes for more info.