Skip to content

forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4)#7545

Merged
francislavoie merged 1 commit intocaddyserver:masterfrom
NucleiAv:fix/forward-auth-copy-headers-injection
Mar 4, 2026
Merged

forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4)#7545
francislavoie merged 1 commit intocaddyserver:masterfrom
NucleiAv:fix/forward-auth-copy-headers-injection

Commits

Commits on Mar 4, 2026