
AIK-11 fix Slowloris vulnerability in pitr HTTP server#2483

Merged
hors merged 2 commits into
mainfrom
AIK-11
May 19, 2026
Conversation

@hors hors commented May 15, 2026

Collaborator

CHANGE DESCRIPTION

Solution:
Set ReadHeaderTimeout, ReadTimeout, and WriteTimeout on the http.Server
to prevent slow-connection DoS attacks.

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported PXC version?
  • Does the change support oldest and newest supported Kubernetes version?
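
The mitigation the description names, as an added Go example (not the operator's own code): a server carrying the three timeouts, plus a loopback check that opens one connection, stalls mid-header, and reports whether the server drops it. The timeout values are assumed, since the PR body does not state them.

```go
package main

import (
	"io"
	"net"
	"net/http"
	"time"
)

// newHardenedServer applies the timeouts named in the PR (values assumed for
// this example; the PR body does not state them). A zero-value http.Server, the
// pre-fix shape, has none, so a client that stalls mid-header keeps its
// connection and serving goroutine open indefinitely.
func newHardenedServer(h http.Handler) *http.Server {
	return &http.Server{
		Handler:           h,
		ReadHeaderTimeout: 200 * time.Millisecond, // header block must arrive within this window
		ReadTimeout:       500 * time.Millisecond, // whole request: headers plus body
		WriteTimeout:      time.Second,            // response write
	}
}

// stalledHeaderClosed serves srv on loopback, opens one connection that never
// completes its headers, and reports whether the server ended it within wait:
// true for the hardened server, false for a zero-value one.
func stalledHeaderClosed(srv *http.Server, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	c, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer c.Close()
	if _, err = c.Write([]byte("GET / HTTP/1.1\r\nHost: x")); err != nil {
		return false, err
	}
	c.SetReadDeadline(time.Now().Add(wait))
	_, err = io.ReadAll(c) // nil on EOF; a timeout error if the peer stays silent
	if ne, ok := err.(net.Error); ok && ne.Timeout() {
		return false, nil // still open: our own read deadline expired first
	}
	return true, nil // EOF, reset, or an error reply: the server ended the stalled connection
}
```

Because a zero ReadHeaderTimeout falls back to ReadTimeout in net/http, setting only ReadTimeout would also bound the header phase; setting ReadHeaderTimeout explicitly keeps that bound independent of how long legitimate bodies are allowed to take.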

@JNKPercona

Collaborator
Test Name Result Time
auto-tuning-8-0 passed 00:00:00
allocator-8-0 passed 00:00:00
allocator-8-4 passed 00:00:00
backup-storage-tls-8-0 passed 00:00:00
cross-site-8-0 passed 00:00:00
cross-site-proxysql-8-0 passed 00:00:00
cross-site-proxysql-8-4 passed 00:00:00
custom-users-8-0 passed 00:00:00
demand-backup-cloud-8-0 passed 00:00:00
demand-backup-cloud-8-4 passed 00:00:00
demand-backup-cloud-pxb-8-0 passed 00:00:00
demand-backup-encrypted-with-tls-5-7 passed 00:00:00
demand-backup-encrypted-with-tls-8-0 passed 00:00:00
demand-backup-encrypted-with-tls-8-4 passed 00:00:00
demand-backup-encrypted-with-tls-pxb-5-7 passed 00:00:00
demand-backup-encrypted-with-tls-pxb-8-0 passed 00:00:00
demand-backup-encrypted-with-tls-pxb-8-4 passed 00:00:00
demand-backup-8-0 passed 00:00:00
demand-backup-flow-control-8-0 passed 00:00:00
demand-backup-flow-control-8-4 passed 00:00:00
demand-backup-parallel-8-0 passed 00:00:00
demand-backup-parallel-8-4 passed 00:00:00
demand-backup-without-passwords-8-0 passed 00:00:00
demand-backup-without-passwords-8-4 passed 00:00:00
extra-pvc-8-0 passed 00:00:00
haproxy-5-7 passed 00:00:00
haproxy-8-0 passed 00:00:00
haproxy-8-4 passed 00:00:00
init-deploy-5-7 passed 00:00:00
init-deploy-8-0 passed 00:00:00
limits-8-0 passed 00:00:00
monitoring-2-0-8-0 passed 00:00:00
monitoring-pmm3-8-0 passed 00:00:00
monitoring-pmm3-8-4 passed 00:00:00
one-pod-5-7 passed 00:00:00
one-pod-8-0 passed 00:00:00
pitr-8-0 passed 00:00:00
pitr-8-4 passed 01:00:32
pitr-pxb-8-0 passed 00:00:00
pitr-pxb-8-4 passed 00:00:00
pitr-gap-errors-8-0 passed 00:00:00
pitr-gap-errors-8-4 passed 00:00:00
proxy-protocol-8-0 passed 00:00:00
proxy-switch-8-0 passed 00:00:00
proxysql-sidecar-res-limits-8-0 passed 00:00:00
proxysql-scheduler-8-0 passed 00:00:00
pvc-resize-5-7 passed 00:00:00
pvc-resize-8-0 passed 00:00:00
recreate-8-0 passed 00:00:00
restore-to-encrypted-cluster-8-0 passed 00:00:00
restore-to-encrypted-cluster-8-4 passed 00:00:00
restore-to-encrypted-cluster-pxb-8-0 passed 00:00:00
restore-to-encrypted-cluster-pxb-8-4 passed 00:00:00
scaling-proxysql-8-0 passed 00:00:00
scaling-8-0 passed 00:00:00
scheduled-backup-5-7 passed 00:58:27
scheduled-backup-8-0 passed 00:00:00
scheduled-backup-8-4 passed 00:00:00
security-context-8-0 passed 00:00:00
smart-update1-8-0 passed 00:00:00
smart-update1-8-4 passed 00:00:00
smart-update2-8-0 passed 00:00:00
smart-update2-8-4 passed 00:00:00
smart-update3-8-0 passed 00:00:00
sst-retry-limit-8-0 passed 00:00:00
sst-retry-limit-8-4 passed 00:00:00
storage-8-0 passed 00:00:00
tls-issue-cert-manager-ref-8-0 passed 00:00:00
tls-issue-cert-manager-8-0 passed 00:00:00
tls-issue-self-8-0 passed 00:00:00
upgrade-consistency-8-0 passed 00:00:00
upgrade-consistency-8-4 passed 00:00:00
upgrade-haproxy-5-7 passed 00:00:00
upgrade-haproxy-8-0 passed 00:00:00
upgrade-proxysql-5-7 passed 00:00:00
upgrade-proxysql-8-0 passed 00:00:00
users-5-7 passed 00:29:51
users-8-0 passed 00:28:56
users-scheduler-8-4 passed 00:39:00
validation-hook-8-0 passed 00:00:00
Summary Value
Tests Run 80/80
Job Duration 01:25:45
Total Test Time 03:36:47

commit: f47634e
image: perconalab/percona-xtradb-cluster-operator:PR-2483-f47634eb

@egegunes egegunes left a comment

Contributor

@hors please add description and update the PR title to indicate the change is for pitr http server

@hors hors changed the title AIK-11 set ReadHeaderTimeout, ReadTimeout, and WriteTimeout on the ht… AIK-11 fix Slowloris vulnerability in pitr HTTP server May 18, 2026
@hors hors requested a review from egegunes May 18, 2026 07:54
@hors hors merged commit 2859b90 into main May 19, 2026
11 checks passed
@hors hors deleted the AIK-11 branch May 19, 2026 13:35

Labels

size/XS 0-9 lines
