mirror of https://github.com/golang/go synced 2024-11-26 13:08:08 -07:00
The Go programming language
Filippo Valsorda 4d014e7231 encoding/xml: handle leading, trailing, or double colons in names
Before this change, <:name> would parse as <name>, which could cause
issues in applications that rely on the parse-encode cycle to
round-trip. Similarly, <x name:=""> would parse as expected but then
have the attribute dropped when serializing because its name was empty.
Finally, <a:b:c> would parse and get serialized incorrectly. All these
values are invalid XML, but to minimize the impact of this change, we
parse them whole into Name.Local.

This issue was reported by Juho Nurminen of Mattermost as it leads to
round-trip mismatches. See #43168. It's not being fixed in a security
release because round-trip stability is not a currently supported
security property of encoding/xml, and we don't believe these fixes
would be sufficient to reliably guarantee it in the future.

Fixes CVE-2020-29509
Fixes CVE-2020-29511
Updates #43168

Change-Id: I68321c4d867305046f664347192948a889af3c7f
Reviewed-on: https://go-review.googlesource.com/c/go/+/277892
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
2021-03-15 20:04:12 +00:00
.github
api syscall: restore broken GetQueuedCompletionStatus signature but make it not crash 2021-02-24 23:35:00 +00:00
doc cmd/go: remove -insecure flag on go get 2021-03-02 21:49:08 +00:00
lib/time lib/time, time/tzdata: update tzdata to 2021a 2021-01-25 16:08:46 +00:00
misc all: use HTML5 br tags 2021-03-13 03:38:42 +00:00
src encoding/xml: handle leading, trailing, or double colons in names 2021-03-15 20:04:12 +00:00
test cmd/compile: test register ABI for method, interface, closure calls 2021-03-12 21:18:15 +00:00
.gitattributes
.gitignore
AUTHORS A+C: add new e-mail addresses for Andy Pan 2021-03-12 02:56:04 +00:00
codereview.cfg codereview.cfg: add codereview.cfg for master branch 2021-02-19 18:44:53 +00:00
CONTRIBUTING.md
CONTRIBUTORS A+C: add new e-mail addresses for Andy Pan 2021-03-12 02:56:04 +00:00
LICENSE
PATENTS
README.md README: pull gopher image from website 2021-02-16 18:25:10 +00:00
SECURITY.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines at https://golang.org/doc/contribute.html.

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.