linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linkerd2/pkg
History
Oliver Gould 04a66bacea
Set a header read timeout on HTTP servers (#9181) 
Newer versions of golangci-lint flag `http.Server` instances that do not
set a `ReadHeaderTimeout` as being vulnerable to "slowloris" attacks,
wherein clients initiate requests that hold connections open
indefinitely.

This change sets a `ReadHeaderTimeout` of 10s. This timeout is fairly
conservative so that clients can eagerly create connections, but is
still constrained enough that these connections won't remain open
indefinitely.

This change also updates kubert to v0.9.1, which instruments a header
read timeout on the policy admission server.

Signed-off-by: Oliver Gould <ver@buoyant.io>
 		2022-08-16 11:10:23 -07:00
..
addr Refactor `PublicIPToString` to handle both IPv4 and IPv6 in similar behavior (#8622) 2022-06-20 17:29:12 +01:00
admin Set a header read timeout on HTTP servers (#9181) 2022-08-16 11:10:23 -07:00
charts Change default iptables mode to legacy (#9097) 2022-08-05 10:45:29 -06:00
cmd go: Enable `errorlint` checking (#7885) 2022-02-16 18:32:19 -07:00
config Add `gosec` and `errcheck` lints (#7954) 2022-03-03 10:09:51 -07:00
filesonly Enable lint check for comments (#2023) 2019-01-02 14:03:59 -08:00
flags Add `gosec` and `errcheck` lints (#7954) 2022-03-03 10:09:51 -07:00
healthcheck Allows RSA signed trust anchors on linkerd cli (#7771) (#8868) 2022-08-08 08:04:24 -05:00
identity Fuzzing: Move fuzzers upstream (#7419) 2022-05-05 13:01:00 -06:00
inject Properly inherit `linkerd.io/inject: ingress` from NS to workload (#9114) 2022-08-12 17:17:34 -05:00
issuercerts Allows RSA signed trust anchors on linkerd cli (#7771) (#8868) 2022-08-08 08:04:24 -05:00
k8s Add support for serverauthorization and httproute types to viz stat (#9074) 2022-08-09 12:57:50 -07:00
multicluster Add nodePorts option to multicluster helm chart (#6059) 2021-05-11 17:41:59 -05:00
profiles Introduce proto retries to Service Profiles (#8477) 2022-05-26 13:16:58 +01:00
prometheus build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (#9107) 2022-08-16 09:20:17 -07:00
protohttp Use go-test/deep for comparisons in tests (#8427) 2022-05-05 09:31:07 -07:00
public Remove the `linkerd-controller` pod (#6039) 2021-04-19 09:57:45 -05:00
servicemirror Add support for service-mirror selectors (#4795) 2020-07-30 10:07:14 -07:00
tls Add `gosec` and `errcheck` lints (#7954) 2022-03-03 10:09:51 -07:00
trace Trace Control plane Components with OC (#3495) 2019-10-18 12:19:13 -07:00
tree Remove namespace from charts and split them into `linkerd-crd` and `linkerd-control-plane` (#6635) 2021-12-10 15:53:08 -05:00
util go: Copy port range utilities from the proxy-init repo (#9143) 2022-08-12 10:34:02 -07:00
version Bump proxy-init to v1.6.2 (#8989) 2022-07-25 18:40:06 +03:00