HTTP-Tiny-0.091-TRIAL

Security Advisories (1)

CVE-2026-7010 (2026-05-11)

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP/1.1 control data field values. An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.

Changes for version 0.091 - 2025-12-13 (TRIAL RELEASE)

ADDED
- Added keep_alive_timeout to force keepalive connections to be closed based on a timeout.
CHANGED
- Optional tests are always required when releasing.
- Always use TCP_NODELAY option.
FIXED
- Fixed test incorrectly testing cookie jar interactions multiple times.
- Fixed perl version comparisons to work when not starting with 5.
- Fixed link to LIMITATIONS in documentation.

Documentation

CONTRIBUTING.mkdn

Modules

HTTP::Tiny

A small, simple, correct HTTP/1.1 client

Examples

Other files

To install HTTP::Tiny, copy and paste the appropriate command in to your terminal.

cpanm

cpanm HTTP::Tiny

CPAN shell

perl -MCPAN -e shell
install HTTP::Tiny

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.091 - 2025-12-13 (TRIAL RELEASE)

Documentation

Modules

Examples

Other files

Module Install Instructions

Keyboard Shortcuts