)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"f2d1214e5ead689c6657a906391a2fd38f1347d4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b5ddc4bd_41eef9a1","updated":"2022-06-29 16:50:58.000000000","message":"LGTM","commit_id":"133ec4763db7889179ee09b897f503eb68ccd42e"}],"releasenotes/notes/fixed-API-validation-for-L7-rules-and-session-cookies-cb88f3f1b90171f9.yaml":[{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"4b690aa0a3691daf7c2dc76cbd66ce0bada095d3","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixed validations in L7 rule and session cookie APIs in order to prevent"},{"line_number":5,"context_line":"    authenticated and authorized users to inject code into HAProxy"},{"line_number":6,"context_line":"    configuration. CR and LF (\\r and \\n) are no longer allowed in L7 rule"},{"line_number":7,"context_line":"    keys and values. The session persistence cookie names must follow the rules "},{"line_number":8,"context_line":"    described in"},{"line_number":9,"context_line":"    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"f283f822_d0c8c96a","line":6,"range":{"start_line":6,"start_character":30,"end_line":6,"end_character":39},"updated":"2022-06-20 11:58:57.000000000","message":"it is rendered as \"(r and n)\" in the release notes, I think we need a follow-up patch to fix it (on master and on stable branches)","commit_id":"133ec4763db7889179ee09b897f503eb68ccd42e"},{"author":{"_account_id":34429,"name":"Tom Weininger","email":"dienste@weinimo.de","username":"tweining"},"change_message_id":"ba6fb89707bdadad589ca727155b3f8c099913cd","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fixed validations in L7 rule and session cookie APIs in order to prevent"},{"line_number":5,"context_line":"    authenticated and authorized users to inject code into HAProxy"},{"line_number":6,"context_line":"    configuration. CR and LF (\\r and \\n) are no longer allowed in L7 rule"},{"line_number":7,"context_line":"    keys and values. The session persistence cookie names must follow the rules "},{"line_number":8,"context_line":"    described in"},{"line_number":9,"context_line":"    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"c17f8671_c233a591","line":6,"range":{"start_line":6,"start_character":30,"end_line":6,"end_character":39},"in_reply_to":"f283f822_d0c8c96a","updated":"2022-06-20 13:36:38.000000000","message":"Done","commit_id":"133ec4763db7889179ee09b897f503eb68ccd42e"}]}