Wt & JWt 3.4.2 and Wt 4.1.2

  • Posted by Roel
  • Wednesday, October 30, 2019 @ 14:52

We’ve just released another patch release. This release includes several bug fixes, including a few security patches for wthttp:

  • One related to client certificates, where an internal header normally used for dedicated session processes could be spoofed and would be accepted by Wt regardless of whether it was actually behind a reverse proxy or using dedicated session processes

  • Another related to dedicated session processes, where X-Forwarded-Proto and X-Forwarded-Port would be trusted by the parent process, even if the parent process was not behind a reverse proxy

See the release notes for more details on the bug fixes.

Here are the links:

Binary builds for Windows are available on the GitHub releases page.

Tags:
1 comment
  • Posted by anonymous
  • one week ago
Halloween version.

Contact us for more information
or a personalised quotation