Fixes: #1270
`HeaderTemplate` was confusing iterable values with literal values due
to the presence of comma `,` characters in the result. The result was
that, in certain cases like HTTP Dates, additional spaces were inserted
into the final expanded value.
The root cause of the issue is that `HeaderTemplate` combined all values
into a single `String` template, with each value separated by a comma.
This change refactors `HeaderTemplate` to treat all `values` as individual
`Templates`, removing the need to combine any provided values into a single
String.
* Remove unnecessary string splits when expanding Headers in RequestTemplate
This change converts the Java11 module release into two steps:
1. run `mvn install` for just feign-java11 to ensure the dependent
projects exist in the local repo
2. run `mvn deploy` for `feign-java11`
The result should be that only the single module is deployed
* Correcting License Headers
Fixes#1156
Collection Format was encoding query string values unnecessarily
due to changes introduced in #1138 and #1139 that encode template
values before appending them to the query string.
In addition, `decodeSlash` flags that were accidentally removed,
have been restored in QueryTemplate.
* Restoring decodeSlash in QueryTemplate
* Correcting Readme with regards to decodeSlash usage
Fixes#857
To simply removal, Request.Body was returned back to an internal
component and additional methods were added to Request to expose
it's capabilities outside of the object.
All other deprecated usage in core modules has been removed.
Deprecated code still exists in the test cases and will be
removed once the deprecated methods are removed in our next
major release.
* Fix for HTTP Request Smuggling
Vulnerable module: io.netty:netty-codec-http
Introduced through: io.reactivex:rxnetty-http@0.5.2 and io.reactivex:rxnetty-spectator-http@0.5.2
Exploit maturity: No known exploit
* Fix for Deserialization of Untrusted Data
Vulnerable module: com.google.guava:guava
Introduced through: com.netflix.ribbon:ribbon-core@2.3.0 and com.netflix.ribbon:ribbon-loadbalancer@2.3.0
Exploit maturity: No known exploit
https://app.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236