v1.15.5

@pi0 released this 15 Jan 11:39
· 566 commits to main since this release

Important

Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)

🩹 Fixes

  • readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)
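The class of bug named in the fix above, shown as an added example that is not h3's source code: a body-presence check that compares the Transfer-Encoding value case-sensitively, next to one that treats it as a comma-separated list of case-insensitive transfer-coding names. The function names and sample header values are hypothetical and constructed for illustration.

```javascript
// Added illustration; not code from h3. All names here are hypothetical.

// Weak form: exact, case-sensitive match on the raw header value.
// Any other spelling of "chunked" makes the request look body-less.
function hasBodyCaseSensitive(headers) {
  const len = Number.parseInt(headers["content-length"] || "", 10);
  if (len > 0) return true;
  return headers["transfer-encoding"] === "chunked";
}

// Transfer-coding names are case-insensitive and may appear in a
// comma-separated list, so split, trim and lowercase before testing.
function transferCodings(headers) {
  const raw = headers["transfer-encoding"];
  const value = Array.isArray(raw) ? raw.join(",") : raw || "";
  return value
    .split(",")
    .map((token) => token.trim().toLowerCase())
    .filter(Boolean);
}

// Hardened form: decide on the normalized coding list first.
function hasBodyNormalized(headers) {
  if (transferCodings(headers).includes("chunked")) return true;
  const len = Number.parseInt(headers["content-length"] || "", 10);
  return Number.isFinite(len) && len > 0;
}

// Constructed sample header values (not taken from the release notes).
const SAMPLES = ["chunked", "Chunked", "CHUNKED", "gzip, Chunked", "identity"];

// Run both checks over the samples and report where they disagree.
function compareChecks() {
  return SAMPLES.map((value) => {
    const headers = { "transfer-encoding": value };
    return {
      value,
      weak: hasBodyCaseSensitive(headers),
      hardened: hasBodyNormalized(headers),
    };
  });
}

function disagreements() {
  return compareChecks()
    .filter((row) => row.weak !== row.hardened)
    .map((row) => row.value);
}
```

Every value returned by `disagreements()` is a request whose body the weak check would skip while a front-end that normalizes the header would still forward it, which is the parsing mismatch a regression test for this fix should cover.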