mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-16 00:00:07 +01:00
cbb8b1d3e9
This lets you build using the runtime Address Sanitizer in gcc. LWS is heavily tested with valgrind routinely during development. But ASAN did find some theoretical-only issues with shifting, strictly ~(1 << 31) is a signed int, it should be ~(1u << 31). Gcc does the same for both, but it's good to have the ability to find these. |
||
|---|---|---|
| .. | ||
| mainpage.md | ||
| README-plugin-sshd-base.md | ||
| README.build.md | ||
| README.ci.md | ||
| README.coding.md | ||
| README.content-security-policy.md | ||
| README.contributing.md | ||
| README.esp32.md | ||
| README.generic-sessions.md | ||
| README.generic-table.md | ||
| README.lwsws.md | ||
| README.plugin-acme.md | ||
| README.problems.md | ||
| README.test-apps.md | ||
| README.unix-domain-reverse-proxy.md | ||
| README.vulnerability-reporting.md | ||
| release-checklist | ||
Vulnerability Reporting
If you become aware of an issue with lws that has a security
dimension for users, please contact andy@warmcat.com by
direct email.
Procedure for announcing vulnerability fixes
The problem and fixed versions will be announced on the libwebsockets mailing list and a note added to the master README.md.