core
| Commit | Description |
|---|---|
| escape forward slashes in transfer state to prevent crawler indexing |
http
| Commit | Description |
|---|---|
| add CSP nonce support to JsonpClientBackend | |
| Don't on Passthru outside of reactive context |
platform-server
| Commit | Description |
|---|---|
| prevent SSRF bypasses via protocol-relative and backslash URLs |
router
| Commit | Description |
|---|---|
| normalize multiple leading slashes in URL parser |