commit d30316fda936111ad5d4f8b1fde7747c289468b6
parent c345fa6474be6deb0f62209d68572142f62d7b28
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 13 Apr 2026 11:41:30 +0200
bump version
Diffstat:
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,10 @@
+Mon Apr 13 11:39:04 AM CEST 2026
+ Fixed bug where additional "Content-Length" headers were
+ ignored instead of rejecting the request, fixing a
+ (minor) header smuggling vulnerability discovered
+ by SySS GmbH.
+ Releasing GNU libmicrohttpd 1.0.4. -CG
+
Thu Apr 2 12:13:57 AM CEST 2026
Fixed bug in connection list traversal logic that could
cause ready connections to be skipped (possibly indefinitely)
diff --git a/NEWS b/NEWS
@@ -1,3 +1,11 @@
+Mon Apr 13 11:42:06 AM CEST 2026
+Released GNU libmicrohttpd 1.0.4.
+
+ This is a bugfix release.
+ It fixes a minor HTTP request smuggling issue (CWE-444).
+
+ -- Christian Grothoff
+
Thu Apr 2 12:16:28 AM CEST 2026
Released GNU libmicrohttpd 1.0.3.
diff --git a/configure.ac b/configure.ac
@@ -23,7 +23,7 @@
#
AC_PREREQ([2.64])
LT_PREREQ([2.4.0])
-AC_INIT([GNU libmicrohttpd],[1.0.3],[libmicrohttpd@gnu.org])
+AC_INIT([GNU libmicrohttpd],[1.0.4],[libmicrohttpd@gnu.org])
AC_CONFIG_AUX_DIR([build-aux])
MHD_AUX_DIR='build-aux' # Must be set to the same value as in the previous line
AC_CONFIG_HEADERS([MHD_config.h])
