Skip to content

forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4) #7545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
francislavoie merged 1 commit into from
Mar 4, 2026
+480 −2

reverseproxy: fix forward_auth copy_headers not stripping client-supp…

86b18fc
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4) #7545

reverseproxy: fix forward_auth copy_headers not stripping client-supp…
86b18fc
Select commit
Loading
Failed to load commit list.
test (mac, 1.26)
succeeded Mar 4, 2026 in 2m 35s