1–7 of 7
anno...@golang.org's profile photo
anno...@golang.org
2:02 PM
[security] Go 1.26 Release Candidate 2 is released
-encoded form net/http may allocate an unexpected amount of memory when provided a large number of key-value pairs. This can result in a denial of service due to memory exhaustion.
unread,
[security] Go 1.26 Release Candidate 2 is released
-encoded form net/http may allocate an unexpected amount of memory when provided a large number of key-value pairs. This can result in a denial of service due to memory exhaustion.
2:02 PM
anno...@golang.org's profile photo
anno...@golang.org
2:02 PM
[security] Go 1.25.6 and Go 1.24.12 are released
-encoded form net/http may allocate an unexpected amount of memory when provided a large number of key-value pairs. This can result in a denial of service due to memory exhaustion.
unread,
[security] Go 1.25.6 and Go 1.24.12 are released
-encoded form net/http may allocate an unexpected amount of memory when provided a large number of key-value pairs. This can result in a denial of service due to memory exhaustion.
2:02 PM
anno...@golang.org's profile photo
anno...@golang.org
10/7/25
[security] Go 1.25.2 and Go 1.24.8 are released
any additional form of sanitization, and may allow injection of attacker controlled information into logs. Thanks to National Cyber Security Centre Finland for reporting this issue
unread,
[security] Go 1.25.2 and Go 1.24.8 are released
any additional form of sanitization, and may allow injection of attacker controlled information into logs. Thanks to National Cyber Security Centre Finland for reporting this issue
10/7/25
anno...@golang.org's profile photo
anno...@golang.org
3/5/24
[security] Go 1.22.1 and Go 1.21.8 are released
a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total
unread,
[security] Go 1.22.1 and Go 1.21.8 are released
a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total
3/5/24
anno...@golang.org's profile photo
anno...@golang.org
4/4/23
[security] Go 1.20.3 and Go 1.19.8 are released
consumption Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes
unread,
[security] Go 1.20.3 and Go 1.19.8 are released
consumption Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes
4/4/23
anno...@golang.org's profile photo
anno...@golang.orgRoland Shoemaker2
2/15/23
[security] Go 1.20.1 and Go 1.19.6 are released
> Multipart form parsing with mime/multipart.Reader.ReadForm can consume > largely unlimited amounts of memory and disk files. This also affects form > parsing in the
unread,
[security] Go 1.20.1 and Go 1.19.6 are released
> Multipart form parsing with mime/multipart.Reader.ReadForm can consume > largely unlimited amounts of memory and disk files. This also affects form > parsing in the
2/15/23
anno...@golang.org's profile photo
anno...@golang.org
10/4/22
[security] Go 1.19.2 and Go 1.18.7 are released
outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse
unread,
[security] Go 1.19.2 and Go 1.18.7 are released
outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse
10/4/22