forked from TrueCloudLab/distribution
345be95498
golang.org/x/net contains a fix for CVE-2022-41717, which was addressed in stdlib in go1.19.4 and go1.18.9; > net/http: limit canonical header cache by bytes, not entries > > An attacker can cause excessive memory growth in a Go server accepting > HTTP/2 requests. > > HTTP/2 server connections contain a cache of HTTP header keys sent by > the client. While the total number of entries in this cache is capped, > an attacker sending very large keys can cause the server to allocate > approximately 64 MiB per open connection. > > This issue is also fixed in golang.org/x/net/http2 v0.4.0, > for users manually configuring HTTP/2. full diff: https://github.com/golang/net/compare/v0.2.0...v0.4.0 other dependency updates (due to (circular) dependencies): - golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/3c1f35247d10...v0.3.0 - golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.3.7...v0.5.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
---|---|---|
.. | ||
aliases.go | ||
dll_windows.go | ||
empty.s | ||
env_windows.go | ||
eventlog.go | ||
exec_windows.go | ||
memory_windows.go | ||
mkerrors.bash | ||
mkknownfolderids.bash | ||
mksyscall.go | ||
race.go | ||
race0.go | ||
security_windows.go | ||
service.go | ||
setupapi_windows.go | ||
str.go | ||
syscall.go | ||
syscall_windows.go | ||
types_windows.go | ||
types_windows_386.go | ||
types_windows_amd64.go | ||
types_windows_arm.go | ||
types_windows_arm64.go | ||
zerrors_windows.go | ||
zknownfolderids_windows.go | ||
zsyscall_windows.go |