net/http: close connections when receiving too many headers (CVE-2023-45288) [1.22 backport] #66298
Labels
Milestone
Comments
gopherbot
added
CherryPickCandidate
dmitshur
added
CherryPickApproved
|
Change https://go.dev/cl/576076 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Apr 3, 2024
Disable cmd/internal/moddeps test, since this update includes PRIVATE track fixes. Fixes CVE-2023-45288 For #65051 Fixes #66298 Change-Id: I5bbf774ebe7651e4bb7e55139d3794bd2b8e8fa8 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2197227 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/576076 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Than McIntosh <thanm@google.com>
|
Closed by merging e55d7cf to release-branch.go1.22. |
|
Change https://go.dev/cl/576255 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Apr 3, 2024
Done with: go get golang.org/x/net@internal-branch.go1.22-vendor go mod tidy go mod vendor go generate net/http # zero diff since CL 576076 already did this For CVE-2023-45288. For #65051. For #66298. Change-Id: I2a0d69145d711a73eda92ef5ad4010c7c435f621 Reviewed-on: https://go-review.googlesource.com/c/go/+/576255 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Than McIntosh <thanm@google.com>
dmitshur
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@rolandshoemaker requested issue #65051 to be considered for backport to the next 1.22 minor release.
Edit: Corrected issue reference (#66297 -> #65051)
The text was updated successfully, but these errors were encountered: