From fe4cb9058c8661a2f5296daa51574f81bb756341 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Tue, 17 Jun 2025 19:43:04 +0100
Subject: [PATCH] Hardening suggestions for Stirling-PDF / audit2 (#3758)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I've reviewed the recently opened PR ([3739 - Auditing support](https://github.com/Stirling-Tools/Stirling-PDF/pull/3739)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration!

🧚🤖 Powered by Pixeebot

[Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/)

![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C911c89402362b71e4c59eff8c459d4942aeda6c8)

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../software/proprietary/web/CorrelationIdFilter.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
index 9dc032dfe..6357990a0 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
@@ -1,5 +1,6 @@
 package stirling.software.proprietary.web;
 
+import io.github.pixee.security.Newlines;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
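Review bot: The added `import io.github.pixee.security.Newlines;` is not matched by any build-file change in this patch — the diffstat lists only CorrelationIdFilter.java — so unless the project already declares the pixee java-security-toolkit artifact, this will not compile. Either ship the dependency declaration in the same commit, or, since the only use is stripping CR/LF from one header value, do it with a local expression such as `id.replace("\r", "").replace("\n", "")` and avoid taking on a new third-party dependency for a single line. Whether the dependency is already present cannot be determined from this diff.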
@@ -36,11 +37,11 @@ public class CorrelationIdFilter extends OncePerRequestFilter {
 }
 req.setAttribute(MDC_KEY, id);
 MDC.put(MDC_KEY, id);
- res.setHeader(HEADER, id);
+ res.setHeader(HEADER, Newlines.stripAll(id));
 chain.doFilter(req, res);
 } finally {
 MDC.remove(MDC_KEY);
 }
 }
-}
\ No newline at end of file
+}
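Review bot: `Newlines.stripAll(id)` is applied only at the `res.setHeader` call, while the two lines above it, `req.setAttribute(MDC_KEY, id);` and `MDC.put(MDC_KEY, id);`, still receive the raw client-supplied value, so CR/LF in the incoming header would still reach the MDC and every log line written for this request (log forging), and the id echoed to the client would no longer match the id that was logged. Sanitize once where `id` is assigned, which is above this hunk, e.g. `id = Newlines.stripAll(id);` before `req.setAttribute(MDC_KEY, id);`, and then keep `res.setHeader(HEADER, id);` so all three consumers see the same value. A stronger control would be to accept only a constrained format (bounded length, a character set such as `[A-Za-z0-9-]`) and otherwise use the fallback id that is presumably generated in the code above this hunk (not visible here), since an arbitrary-content header is being reflected into both the response and the logs; note also that most current servlet containers already reject CR/LF in response header values, so the header-only change has limited effect on its own. The enclosing method starts outside the hunk.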