commit 01af46f7cc419da19f8a6a444da8f6022c016803
Author: Dmitri Shuralyov
Date: 2020-09-01 08:58:41 -04:00
[release-branch.go1.15-security] go1.15.1
Change-Id: I4103c524ce46d50215af5097460e514609b513c6
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/835373
Reviewed-by: Filippo Valsorda <valsorda@google.com>
commit eb07103a083237414145a45f029c873d57037e06
Author: Roberto Clapis
Date: 2020-08-26 08:53:03 +02:00
[release-branch.go1.15-security] net/http/cgi,net/http/fcgi: add Content-Type detection
This CL ensures that responses served via CGI and FastCGI
have a Content-Type header based on the content of the
response if not explicitly set by handlers.
If the implementers of the handler did not explicitly
specify a Content-Type both CGI implementations would default
to "text/html", potentially causing cross-site scripting.
Thanks to RedTeam Pentesting GmbH for reporting this.
Fixes CVE-2020-24553
Change-Id: I82cfc396309b5ab2e8d6e9a87eda8ea7e3799473
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/823217
Reviewed-by: Russ Cox <rsc@google.com>
(cherry picked from commit 23d675d07fdc56aafd67c0a0b63d5b7e14708ff0)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/835311
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
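The effect of the CVE-2020-24553 change described above, as an added example that is not the code from this commit: it contrasts the old "text/html" default with content-based detection via net/http's DetectContentType on constructed response bodies. The function names legacyContentType, sniffedContentType and rendersAsHTML are hypothetical.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
)

// legacyContentType models the old behaviour described in the commit message:
// no explicit Content-Type means the response goes out as "text/html".
func legacyContentType(h http.Header, body []byte) string {
	if ct := h.Get("Content-Type"); ct != "" {
		return ct
	}
	return "text/html"
}

// sniffedContentType models the new behaviour: an explicit header still wins,
// otherwise the type is derived from the leading bytes of the body.
func sniffedContentType(h http.Header, body []byte) string {
	if ct := h.Get("Content-Type"); ct != "" {
		return ct
	}
	return http.DetectContentType(body)
}

// rendersAsHTML reports whether a browser would parse the response as markup.
func rendersAsHTML(contentType string) bool {
	mt, _, err := mime.ParseMediaType(contentType)
	return err == nil && mt == "text/html"
}

func main() {
	// Constructed sample bodies; none set a Content-Type header.
	samples := [][]byte{
		[]byte(`{"q":"<b>reflected input</b>"}`), // JSON echoing request data
		[]byte("hello <b>reflected input</b>"),   // plain text echoing request data
		[]byte("<html><body>page</body></html>"), // body that really is markup
	}
	for _, body := range samples {
		old, fixed := legacyContentType(http.Header{}, body), sniffedContentType(http.Header{}, body)
		fmt.Printf("%-34q old=%-10s html=%-5v new=%-26s html=%v\n",
			body, old, rendersAsHTML(old), fixed, rendersAsHTML(fixed))
	}
}
```

A body that itself begins with markup is still detected as text/html, so handlers that echo request data should set Content-Type explicitly and not rely on detection alone.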
commit 0fdc3801bfd43d6f55e4ea5bf095e1ea55430339
Author: Andrew Bonventre
Date: 2020-08-11 14:06:24 -04:00
[release-branch.go1.15] go1.15
Change-Id: Id2262ff66e750e798ebe7ecfcc13d2653cb85b71
Reviewed-on: https://go-review.googlesource.com/c/go/+/247905
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
commit cbc69e89b17188b3633bafa9d6e6c44f7f1a2ec0
Author: Andrew
Date: 2020-08-11 11:03:03 -04:00
[release-branch.go1.15] all: merge master into release-branch.go1.15
5c7748dc9d doc/go1.15: encoding/json's CL 191783 was reverted
5ff5b3c557 doc/go1.15: remove draft notice
5ae1d62ee3 CONTRIBUTORS: update for the Go 1.15 release
7ad776dda5 doc/go1.15: document crypto/tls permanent error
a93a4c1780 runtime: make nanotime1 reentrant
Updates #40697
Change-Id: Ie39896ee6304544cc9e9c1938bdf176f1dcf8766
Reviewed-on: https://go-review.googlesource.com/c/go/+/247900
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
commit c4f8cb43caf0bcd0c730d7d04a3fce129393cecc
Author: Alexander Rakoczy
Date: 2020-08-06 16:23:54 -04:00
[release-branch.go1.15] go1.15rc2
Change-Id: I2fe55c3f0328291b7d602cfae83d3f0b72cee14c
Reviewed-on: https://go-review.googlesource.com/c/go/+/247238
Run-TryBot: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>