weechat
diff --git a/‎weechat/doc/_i18n_doc.py‎
Lines changed: 0 additions & 1 deletion b/‎weechat/doc/_i18n_doc.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎weechat/doc/_i18n_security.py‎
Lines changed: 4 additions & 0 deletions b/‎weechat/doc/_i18n_security.py‎
Lines changed: 4 additions & 0 deletions
@@ -14,7 +14,6 @@ def __i18n_doc_doc():
     gettext_noop("FAQ")
     gettext_noop("Plugin API reference")
     gettext_noop("Quick Start guide")
-    gettext_noop("Relay: API")
     gettext_noop("Relay: api")
     gettext_noop("Relay: weechat")
     gettext_noop("Scripting guide")
 
@@ -14,6 +14,7 @@ def __i18n_doc_security():
     gettext_noop("A buffer overflow happens when a new IRC message 005 is received with longer nick prefixes.\n<br>\nNote: a \"normal\" IRC server should not send again a message 005 with new nick prefixes, so the problem should be limited to malicious IRC servers.")
     gettext_noop("A buffer overflow happens when decoding some IRC colors in strings.")
     gettext_noop("A buffer overflows happens in build of strings in different places.")
+    gettext_noop("A crash happens when decoding a malformed HTTP message in relay plugin, protocol \"api\".\n<br>\nThis happens even if the client is not authenticated, the HTTP message is parsed before the authentication.")
     gettext_noop("A crash happens when decoding a malformed websocket frame in relay plugin.\n<br>\nThis happens even if a password is set in relay plugin, the malformed websocket frame can be received before the authentication of the client.")
     gettext_noop("A crash happens when receiving some WeeChat internal color codes in IRC messages.")
     gettext_noop("API")
@@ -39,6 +40,7 @@ def __i18n_doc_security():
     gettext_noop("Core, Plugins")
     gettext_noop("Crash in API function infobar_printf.")
     gettext_noop("Crash on IRC commands sent via Relay.")
+    gettext_noop("Crash on malformed HTTP message in relay plugin, protocol \"api\".")
     gettext_noop("Crash on malformed IRC message 352 (WHO).")
     gettext_noop("Crash on malformed websocket frame in relay plugin.")
     gettext_noop("Crash on nicks monitored with /notify.")
@@ -60,6 +62,7 @@ def __i18n_doc_security():
     gettext_noop("Integer overflow in loops on lists.")
     gettext_noop("Integer overflow with decimal numbers in calculation of expression.")
     gettext_noop("Logger")
+    gettext_noop("NULL Pointer Dereference")
     gettext_noop("Out-of-bounds read")
     gettext_noop("Out-of-bounds write")
     gettext_noop("Possible man-in-the-middle attack in TLS connection to IRC server.")
@@ -72,6 +75,7 @@ def __i18n_doc_security():
     gettext_noop("Strings are built with uncontrolled format when IRC commands are redirected by relay plugin. If the output or redirected command contains formatting chars like \"%\", this can lead to a crash of WeeChat.")
     gettext_noop("Strings are built with uncontrolled format when nicks containing \"%\" are monitored with command <code>/notify</code>.")
     gettext_noop("Strings are built with uncontrolled format when unknown IRC commands are sent to server, if option <code>irc.network.send_unknown_commands</code> is enabled.")
+    gettext_noop("There are multiple ways to mitigate this issue:\n<ul>\n  <li>Rremove all relays with protocol \"api\", see: <code>/help relay</code></li>\n  <li>Unload relay plugin with command: <code>/plugin unload relay</code> and see: <code>/help weechat.plugin.autoload</code></li>\n  <li>Secure relay to allow only some trusted IP addresses, see: <code>/help relay.network.allowed_ips</code></li>\n</ul>")
     gettext_noop("There are multiple ways to mitigate this issue:\n<ul>\n  <li>Rremove all relays, see: <code>/help relay</code></li>\n  <li>Unload relay plugin with command: <code>/plugin unload relay</code> and see: <code>/help weechat.plugin.autoload</code></li>\n  <li>Secure relay to allow only some trusted IP addresses, see: <code>/help relay.network.allowed_ips</code></li>\n</ul>")
     gettext_noop("There are multiple ways to mitigate this issue:\n<ul>\n  <li>Turn off option to send unknown commands: <code>/set irc.network.send_unknown_commands off</code></li>\n  <li>Do not use formatting chars like \"%\" when sending unknown commands to server.</li>\n</ul>")
     gettext_noop("Turn of handling of colors in incoming IRC messages:\n\n<p><pre><code>/set irc.network.colors_receive off</code></pre></p>")