gostls13.git log

commit 31c110705ee11629b6e8471e92c3869d620ffcc3 [browse]
Author: Sergey Matveev
Date: 2025-06-06 17:56:18 +03:00

Autogenerated TLS-related strings

go install golang.org/x/tools/cmd/stringer@latest
cd src/crypto/tls ; go generate

commit 779bd3ad32f8e6e1eb866f10e8aa6170d4e661d2 [browse]
Author: Sergey Matveev
Date: 2023-02-02 00:19:57 +03:00

GOST X.509 and TLS 1.3 support via GoGOST

commit 6796ebb2cb66b316a07998cdcd69b1c486b8579e [browse]
Author: Gopher Robot
Date: 2025-06-05 11:16:22 -07:00

[release-branch.go1.24] go1.24.4

Change-Id: Iec14150cd12e445c3bd927c26f2a54387ba18577
Reviewed-on: https://go-review.googlesource.com/c/go/+/679218
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Bypass: Carlos Amedee <carlos@golang.org>

commit 85897ca220a149333a88b1e4d63f3b751f1141f5 [browse]
Author: Neal Patel
Date: 2025-05-21 14:11:44 -04:00

[release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests

Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain.

https://fetch.spec.whatwg.org/#authentication-entries

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.

Updates golang/go#73816
Fixes golang/go#73906
Fixes CVE-2025-4673

Change-Id: I8a0f30d5d6bff6c71689bba6efa0b747947e7eb0
Reviewed-on: https://go-review.googlesource.com/c/go/+/679256
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

commit 9f9cf28f8fe67e6c17123cae2d89f116504f2be1 [browse]
Author: Damien Neil
Date: 2025-05-13 15:35:19 -07:00

[release-branch.go1.24] os: don't follow symlinks on Windows when O_CREATE|O_EXCL

(This cherry-pick includes both CL 672396 and CL 676655.)

Match standard Unix behavior: Symlinks are not followed when
O_CREATE|O_EXCL is passed to open.

Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab
for discovering this issue.

For #73702
Fixed #73720
Fixes CVE-2025-0913

Change-Id: Ieb46a6780c5e9a6090b09cd34290f04a8e3b0ca5
Reviewed-on: https://go-review.googlesource.com/c/go/+/672396
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/677215
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>

clone the repository to get more history