-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Convert a few posts to Markdown #2437
Conversation
This comment has been minimized.
This comment has been minimized.
## tl;dr | ||
|
||
- A carefully crafted attack request can cause the contents of the HTTP parser's buffer to be appended to the attacking request's header, making it appear to come from the attacker. Since it is generally safe to echo back contents of a request, this can allow an attacker to get an otherwise correctly designed server to divulge information about other requests. It is theoretically possible that it could enable header-spoofing attacks, though such an attack has not been demonstrated. | ||
- Versions affected: All versions of the 0.5/0.6 branch prior to 0.6.17, and all versions of the 0.7 branch prior to 0.7.8. Versions in the 0.4 branch are not affected. | ||
- Fix: Upgrade to [v0.6.17](http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/, or apply the fix in [c9a231d](https://github.com/joyent/node/commit/c9a231d) to your system. | ||
- Fix: Upgrade to [v0.6.17](http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/), or apply the fix in [c9a231d](https://github.com/joyent/node/commit/c9a231d) to your system. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nschonni weird this wasn't caught :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a bunch of the link checking is done through regex. Can't hurt to file an issue with the library though. Not sure if there is a rule that covers links or not
Alright, I went ahead and put back the old IDs for backward compatibility. |
Alright, I believe this is ready for review. We could tweak these further later. |
If it helps, to review you can check the rich diff for each file on GitHub. |
Fixes a few HTML validation errors along the way. Also remove the 404 images from /multi-server-continuous-deployment-with-fleet.md. For npm's posts, I kept the old IDs for backward compatibility.
Can we get this merged? The plan is to convert most inline HTML to Markdown when possible so that we are consistent. This also fixes 2 404 errors. There are a few mixed content errors I noticed too, and I'll fix them in another PR. |
@nodejs/website This needs reviews. |
Fixes a few HTML validation errors along the way.
Also remove the 404 images from /multi-server-continuous-deployment-with-fleet.md.
For npm's posts, I kept the old IDs for backward compatibility.