zendesk / zendesk_api_client_php

Official Zendesk API v2 client library for PHP
336 stars 259 forks

Backport subdomain validation #477

Closed sanmai closed 4 months ago

sanmai commented 2 years ago

This PR backports subdomain validation from #466, necessary to fix CVE-2021-30492.

I also added/fixed tests. Here's how you can run them:

php vendor/bin/phpunit tests/Zendesk/API/UnitTests/InvalidSubdomainTest.php
php vendor/bin/phpunit tests/Zendesk/API/UnitTests/OrganizationsTest.php

All that should be left is to tag a new release, update the Packagist registry, and tweak CVE-2021-30492 to mark this new version as unaffected.

sanmai commented 7 months ago

Please review my comments.

Alternatively, I'll be happy to close this PR as it looks like it is no longer necessary for my cause.