Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update go to go1.20.6 #10812

Merged
merged 1 commit into from
Jul 17, 2023
Merged

update go to go1.20.6 #10812

merged 1 commit into from
Jul 17, 2023

Commits on Jul 17, 2023

  1. update go to go1.20.6 

    go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: golang/go@go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Jul 17, 2023
    Configuration menu
    Copy the full SHA
    49bc060 View commit details
    Browse the repository at this point in the history