package/go: security bump to version 1.16.4
Fixes the following security issues: - CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an unrecoverable panic when reading a very large header (over 7MB on 64-bit architectures, or over 4MB on 32-bit ones). Transport and Client are vulnerable and the program can be made to crash by a malicious server. Server is not vulnerable by default, but can be if the default max header of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value, in which case the program can be made to crash by a malicious client. https://github.com/golang/go/issues/45710 Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
Loading
Please register or sign in to comment