4.90.0
This release fixes a long-standing issue in Vapor's URI parsing that could lead to host spoofing when users parse untrusted input. The issue was caused by a C implementation that used a uint16_t index with no bounds checking. For more details, see the security advisory GHSA-qvxg-wjxc-r4gg.
This vulnerability has been designated as CVE-2024-21631. Thank you to baarde for reporting!
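The bug class named above, as an added illustration that is not Vapor's code or the patch from this release: a parser that stores component offsets in a uint16_t without a bounds check records the wrong position once the input exceeds 65535 bytes, and a length check before parsing prevents it. All names here (host_field, find_host, record_host_unchecked, record_host_checked, demo) are hypothetical, and the sample input is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical record of where the host sits in the input buffer. */
struct host_field { uint16_t off, len; };

/* Find the host in "scheme://host/..." using full-width size_t offsets. */
static int find_host(const char *s, size_t n, size_t *off, size_t *len) {
    for (size_t i = 0; i + 2 < n; i++) {
        if (memcmp(s + i, "://", 3) != 0) continue;
        size_t end = i + 3;
        while (end < n && !strchr("/?#", s[end])) end++;
        *off = i + 3;
        *len = end - *off;
        return 0;
    }
    return -1;
}

/* No bounds check: size_t is narrowed to uint16_t and wraps modulo 65536. */
int record_host_unchecked(const char *s, size_t n, struct host_field *f) {
    size_t off, len;
    if (find_host(s, n, &off, &len) != 0) return -1;
    f->off = (uint16_t)off;
    f->len = (uint16_t)len;
    return 0;
}

/* Bounds check first: reject input whose offsets cannot fit in uint16_t. */
int record_host_checked(const char *s, size_t n, struct host_field *f) {
    if (n > UINT16_MAX) return -2;
    return record_host_unchecked(s, n, f);
}

/* Constructed sample: `pad` filler bytes followed by "://example.test/".
   Returns the recorded host offset, or a negative error code. */
long demo(size_t pad, int checked) {
    static char buf[80000];
    static const char tail[] = "://example.test/";
    size_t n = pad + sizeof tail - 1;
    struct host_field f = {0, 0};
    if (n > sizeof buf) return -3;
    memset(buf, 'a', pad);
    memcpy(buf + pad, tail, sizeof tail - 1);
    int rc = checked ? record_host_checked(buf, n, &f)
                     : record_host_unchecked(buf, n, &f);
    return rc < 0 ? rc : (long)f.off;
}
```

With 70000 filler bytes the true host offset is 70003, but the unchecked version records 4467, so any later code that trusts the stored offset reads a different part of the buffer than the one that was parsed.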