From ba6346dd4f87d2c6f57614a623be63e4c68a9d03 Mon Sep 17 00:00:00 2001
From: Brent Andrew Hendricks <brent.hendricks@p5software.com>
Date: Tue, 9 Jun 2026 18:24:52 -0400
Subject: [PATCH] Upgrade ESPAsyncWebServer from v3.11.0 to v3.11.1

Patches CWE-190 DoS vulnerability via specially crafted multipart
boundary parameter (ESP32Async/ESPAsyncWebServer#445). Directly
applicable since the firmware accepts multipart POSTs for OTA and
config restore endpoints.

Closes #481

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 libraries.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries.yaml b/libraries.yaml
index 5287136f..f799f056 100644
--- a/libraries.yaml
+++ b/libraries.yaml
@@ -31,7 +31,7 @@ libraries:
     version: "2.0.2"
     url: "https://github.com/arduino-libraries/Ethernet"
   - name: "ESPAsyncWebServer"
-    version: "v3.11.0"
+    version: "v3.11.1"
     url: "https://github.com/ESP32Async/ESPAsyncWebServer"
   - name: "BrentIO_esp32OTA"
     version: "2026.05.06"