Mercure 0.24.2 is out: a security hardening release. Rejects SSE field injection (CWE-93) via id/type, blocks reserved-namespace forgery, fixes a Last-Event-ID leak, caps element counts against DoS. Upgrade your hub.
github.com/dunglas/merc...
Community Mercure 0.24.2 is a security hardening release. It closes an SSE field-injection vector (CWE-93), blocks forgery of the hub's reserved subscription-event topics, fixes a metadata leak in ...
