From 1ad5e9915f2b23855d3248b586ec061ec5de0b30 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Tue, 17 Jun 2025 17:46:49 +0000
Subject: [PATCH] Introduced protections against HTTP header injection / smuggling attacks

---
 .../software/proprietary/web/CorrelationIdFilter.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
index 9dc032dfe..6357990a0 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
@@ -1,5 +1,6 @@
 package stirling.software.proprietary.web;
 
+import io.github.pixee.security.Newlines;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -36,11 +37,11 @@ public class CorrelationIdFilter extends OncePerRequestFilter {
             }
             req.setAttribute(MDC_KEY, id);
             MDC.put(MDC_KEY, id);
-            res.setHeader(HEADER, id);
+            res.setHeader(HEADER, Newlines.stripAll(id));
             chain.doFilter(req, res);
         } finally {
             MDC.remove(MDC_KEY);
         }
     }
-}
\ No newline at end of file
+}
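Review bot: The sanitized value is used only for the response header, while the two lines just above it, `req.setAttribute(MDC_KEY, id)` and `MDC.put(MDC_KEY, id)`, still receive the raw `id`; if `id` can originate from an incoming request header (the branch that resolves it closes at the `}` at the top of the hunk and lies outside it, so this is inferred), any CR/LF it carries reaches the MDC and therefore every log line for the request, and the header, attribute and log context now disagree. Sanitize once and reuse the result, `String safeId = Newlines.stripAll(id);`, passing `safeId` to `setAttribute`, `MDC.put` and `setHeader` so all three carry the same value. Stripping newlines is defense in depth rather than a full check for a correlation id; if the value is client-supplied, the same place is where a length bound and an allowlist of characters (e.g. alphanumerics and hyphens, matching whatever the generator in the unseen branch produces) would belong, which would also make the new `io.github.pixee.security` dependency unnecessary for this single call. A short comment on the sanitizing line, `// CR/LF removed so a client-supplied id cannot split the response header or forge log lines`, would record why the call is there for the next reader.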