Commit 175c8e4

mcollina and aduh95 authored
Update SECURITY.md
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 41f6326 commit 175c8e4

1 file changed

Lines changed: 3 additions & 5 deletions

SECURITY.md

@@ -280,11 +280,9 @@ the community they pose.
280280

281281
* Node.js treats data from remote network peers as untrusted, and bugs in
282282
parsers or protocol implementations may be security vulnerabilities.
283-
* Node.js may close HTTP/1.1 keep-alive connections when data is detected while
284-
no request is outstanding, as described by RFC 9112 section 9.2. Reports that
285-
rely solely on a malicious or compromised server racing unsolicited or
286-
misordered responses within the same HTTP/1.1 connection reuse lifecycle are
287-
generally not considered Node.js vulnerabilities.
283+
* Node.js treats data order from HTTP/1.1 keep-alive connections as trusted, meaning that a Node.js
284+
client consuming unsolicited or misordered responses within the same HTTP/1.1 connection
285+
reuse lifecycle are generally not considered Node.js vulnerabilities.
288286

289287
#### Malicious Third-Party Modules (CWE-1357)
290288
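Review bot: The added bullet (new lines 283-285) does not parse as a sentence: the subject is "a Node.js client consuming unsolicited or misordered responses" but the verb is "are generally not considered Node.js vulnerabilities", so a reader cannot tell whether the client behaviour, the responses or the reports are being ruled out of scope. Consider wording it around reports, as the removed text did, for example "Reports that rely on a Node.js client consuming unsolicited or misordered responses within the same HTTP/1.1 connection reuse lifecycle are generally not considered Node.js vulnerabilities." Two further points on the same bullet: the opening "treats data order from HTTP/1.1 keep-alive connections as trusted" sits directly under the bullet stating that data from remote network peers is untrusted, so it would help to say explicitly that only response ordering on a reused connection is trusted, not the response content; and the rewrite drops both the RFC 9112 section 9.2 reference and the "malicious or compromised server" precondition, which gave triagers a concrete basis for the exclusion and are worth keeping. The first added line is also noticeably longer than the neighbouring wrapped lines and should be rewrapped to match the rest of the file.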
