Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider updating http_parser or replacing it with llhttp #296

Open
atheriel opened this issue Mar 6, 2021 · 1 comment
Open

Consider updating http_parser or replacing it with llhttp #296

atheriel opened this issue Mar 6, 2021 · 1 comment

Comments

@atheriel
Copy link
Contributor

atheriel commented Mar 6, 2021

This library is old, stable, and reliable, but recent releases include some security-related fixes. I know that httpuv-based applications are not usually exposed directly to the internet without a better-behaving proxy in front of them, but I think it's still worth updating on safety grounds. There is also one serious out-of-tree security fix in Node (as of December) that is not yet part of http_parser itself.

More generally: http_parser was declared officially unmaintained in October. Node has moved to llhttp, which apparently has a nearly identical API and is significantly faster. httpuv should consider moving to that project instead.
@Diniodoc
Copy link

Diniodoc commented Feb 7, 2022

Hi that is a good point, u should not use unmaintained projects in productive projects. Are there already efforts to replace the http_parser with llhttp?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@atheriel @Diniodoc