Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-3014

New apache HTTP client is breaking tests

    XMLWordPrintable

    Details

    • Template:
      PUP Bug Template
    • Team:
      Froyo
    • Sprint:
      Froyo - 05/19/2021
    • Method Found:
      Automated Test
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      Hide
      A security update to the apache HTTP client introduced an unrelated change to URL normalization, so that URLs with two consecutive forward slashes between the host and the path will no longer be sent as-is to the server: the second will be URL-encoded as if it was part of the path segment and not a separator. This affects any use of Puppet's HTTP client within Puppet Server.
      Show
      A security update to the apache HTTP client introduced an unrelated change to URL normalization, so that URLs with two consecutive forward slashes between the host and the path will no longer be sent as-is to the server: the second will be URL-encoded as if it was part of the path segment and not a separator. This affects any use of Puppet's HTTP client within Puppet Server.
    • QA Risk Assessment:
      Needs Assessment

      Description

      We recently updated the apache HTTP client in clj-parent from 4.5.3 to 4.5.13. Doing so has broken a number of tests in puppetserver.

      Some of these seem to be due to a change in the way double slashes are handled in URLs, and was caused by the updates in 4.5.8. Still investigating other failures.

      We will need to do further testing to make sure none of these changes affect our actual product.

        Attachments

          Activity

            People

            Assignee:
            maggie Maggie Dreyer
            Reporter:
            maggie Maggie Dreyer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support