Katie Hockman <[email protected]> once said:
> The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive
> containing files that start with “../”.
>
> This issue is CVE-2021-27919 and Go issue golang.org/issue/44916.

Should I submit a CVE request for the power switch on my server? Prodding it with invalid digits "allows an attacker to cause a denial of service".

Kidding aside, I support Filippo's proposal to exclude low severity issues from these unscheduled security releases.

https://github.com/golang/go/issues/44918

Cheers,
Anthony
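
For services that accept untrusted ZIP uploads, the following added example (not part of the original message and not Go project code) shows a pre-check that rejects an archive before it reaches the fs.FS-based Reader.Open API. It goes slightly beyond the quoted case by flagging any entry name that is not a valid io/fs path, which includes names starting with "../"; `buildSample` and `InvalidFSNames` are hypothetical helper names and the archive is constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"strings"
)

// buildSample returns a constructed in-memory ZIP holding the given entry names.
func buildSample(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		f, err := w.Create(n) // Create does not validate the name
		if err != nil {
			panic(err)
		}
		f.Write([]byte("constructed sample\n"))
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// InvalidFSNames lists entry names that are not valid io/fs paths
// (for example names starting with "../"), so the caller can reject
// the archive instead of passing it to Reader.Open.
func InvalidFSNames(data []byte) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// Newer Go releases may report ErrInsecurePath while still returning the reader.
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	var bad []string
	for _, f := range r.File {
		// Directory entries end in "/"; strip it before validating.
		if !fs.ValidPath(strings.TrimSuffix(f.Name, "/")) {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

func main() {
	bad, err := InvalidFSNames(buildSample("docs/readme.txt", "../outside.txt"))
	fmt.Println(bad, err)
}
```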
