Hello gophers, We have tagged version v0.33.0 of golang.org/x/net in order to address a security issue.
x/net/html: non-linear parsing of case-insensitive content Version v0.33.0 of golang.org/x/net fixes a vulnerability in the golang.org/x/net/html package which could cause a denial of service. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. Thanks to Guido Vranken for reporting this issue. This is CVE-2024-45338 and Go issue https://go.dev/issue/70906. Cheers, Go Security team -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/mBUozYMLRxiNNRzAK3B7gg%40geopod-ismtpd-11.
