All work

CVE-2024-21742 MIME4J header smuggling - Analysis of vulnerability - Eureka - Quesnelia

Vert.x 4.2.2, Netty 4.1.72.Final fixing header request smuggling (CVE-2021-43797)

Disable x-okapi-trace header by default

Missing headers reported by ZAP need to be added

change login API to return tokens in the body and not in private headers

okhttp 3 Information Exposure from illegal character in a header

Hosted Reference envs - Set Strict-Transport-Security response header

Spike: Provide guidelines for use of Content Security Policy headers with FOLIO

investigate HTTP Response Header injection

X-Okapi-Module-Tokens response header providing access to unauthenticated users

Spike: back-end cache headers

HTTP header injection with X-Okapi-Token

edge-common 4.3.0 fixing tenant header injection

edge-common 4.3.0 fixing tenant header injection

edge-common 4.3.0 fixing tenant header injection

tenant header injection security vulnerability (EDGCOMMON-47).

edge-common 4.3.0 fixing tenant header injection

edge-lti-courses: edge-common 4.3.1 fixing tenant header injection

Allow list fixing header injection in OkapiFeignClientExceptionHandler

edge-common 4.3.0 fixing tenant header injection

Fix behavior when tenant header is present in a request