From aefbafa0785249976402dd63314a03b665089da1 Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Thu, 7 May 2026 16:29:04 -0500 Subject: [PATCH 1/2] fix(cve): Address work around for cve-2026-22732 Co-Authored-By: Claude Sonnet 4.5 --- .../spinnaker/config/WebConfigOverrides.java | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java diff --git a/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java b/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java new file mode 100644 index 0000000000..ca033a5399 --- /dev/null +++ b/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java @@ -0,0 +1,43 @@ +/* + * Copyright 2026 Netflix, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.netflix.spinnaker.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.core.Ordered; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.ObjectPostProcessor; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.header.HeaderWriterFilter; + +@Configuration +@Order(Ordered.HIGHEST_PRECEDENCE+5) +public class WebConfigOverrides extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .headers() + .addObjectPostProcessor(new ObjectPostProcessor() { + @Override + public HeaderWriterFilter postProcess(HeaderWriterFilter filter) { + filter.setShouldWriteHeadersEagerly(true); + return filter; + } + }); + } +} From c2e68e0dabe61d56dbb4b3e6016425f38efafb3d Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Thu, 7 May 2026 16:48:06 -0500 Subject: [PATCH 2/2] chore(formatting): Apply spotlessApply formatting Co-Authored-By: Claude Sonnet 4.5 --- .../spinnaker/config/WebConfigOverrides.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java b/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java index ca033a5399..7e1a81039e 100644 --- a/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java +++ b/gate-web/src/main/java/com/netflix/spinnaker/config/WebConfigOverrides.java @@ -25,19 +25,19 @@ import org.springframework.security.web.header.HeaderWriterFilter; @Configuration -@Order(Ordered.HIGHEST_PRECEDENCE+5) +@Order(Ordered.HIGHEST_PRECEDENCE + 5) public class WebConfigOverrides extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http - .headers() - .addObjectPostProcessor(new ObjectPostProcessor() { - @Override - public HeaderWriterFilter postProcess(HeaderWriterFilter filter) { - filter.setShouldWriteHeadersEagerly(true); - return filter; - } - }); + http.headers() + .addObjectPostProcessor( + new ObjectPostProcessor() { + @Override + public HeaderWriterFilter postProcess(HeaderWriterFilter filter) { + filter.setShouldWriteHeadersEagerly(true); + return filter; + } + }); } }