_content/doc: update release notes with backwards incompatible changes

Go 1.19.8 and Go 1.20.3 had backwards-incompatible changes. Raise their
visibility by updating the release notes for Go 1.19 and Go 1.20.

Updates #59153.
Updates #59234.

Change-Id: Icd472bd5754c3dea1a1459e364746600826889b1
Reviewed-on: https://go-review.googlesource.com/c/website/+/482240
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

_content/doc/go1.19.html

@@ -639,6 +639,11 @@ as well as support for rendering them to HTML, Markdown, and text.
       instead of its own named type.
       This allows writing code that operates on a <code>FuncMap</code> from either setting.
     </p>
+    <p><!-- https://go.dev/issue/59153 --><!-- CL 481987 -->
+      Go 1.19.8 and later
+      <a href="/pkg/html/template#hdr-Security_Model">disallow actions in ECMAScript 6 template literals.</a>
+      This behavior can be reverted by the <code>GODEBUG=jstmpllitinterp=1</code> setting.
+    </p>
   </dd>
 </dl><!-- html/template -->
 
@@ -687,7 +692,24 @@ as well as support for rendering them to HTML, Markdown, and text.
       <a href="/pkg/mime/#AddExtensionType"><code>AddExtensionType</code></a>.
     </p>
   </dd>
-</dl>
+</dl><!-- mime -->
+
+<dl id="mime/multipart"><dt><a href="/pkg/mime/multipart">mime/multipart</a></dt>
+  <dd>
+    <p><!-- https://go.dev/issue/59153 --><!-- CL 481985 -->
+      In Go 1.19.8 and later, this package sets limits the size
+      of the MIME data it processes to protect against malicious inputs.
+      <code>Reader.NextPart</code> and <code>Reader.NextRawPart</code> limit the
+      number of headers in a part to 10000 and <code>Reader.ReadForm</code> limits
+      the total number of headers in all <code>FileHeaders</code> to 10000.
+      These limits may be adjusted with the <code>GODEBUG=multipartmaxheaders</code>
+      setting.
+      <code>Reader.ReadForm</code<> further limits the number of parts in a form to 1000.
+      This limit may be adjusted with the <code>GODEBUG=multipartmaxparts</code>
+      setting.
+    </p>
+  </dd>
+</dl><!-- mime/multipart -->
 
 <dl id="net"><dt><a href="/pkg/net/">net</a></dt>
   <dd>

_content/doc/go1.20.html

@@ -828,6 +828,16 @@ proxyHandler := &httputil.ReverseProxy{
   </dd>
 </dl><!-- go/types -->
 
+<dl id="html/template"><dt><a href="/pkg/html/template/">html/template</a></dt>
+  <dd>
+    <p><!-- https://go.dev/issue/59153 --><!-- CL 481993 -->
+      Go 1.20.3 and later
+      <a href="/pkg/html/template#hdr-Security_Model">disallow actions in ECMAScript 6 template literals.</a>
+      This behavior can be reverted by the <code>GODEBUG=jstmpllitinterp=1</code> setting.
+    </p>
+  </dd>
+</dl><!-- html/template -->
+
 <dl id="io"><dt><a href="/pkg/io/">io</a></dt>
   <dd>
     <p><!-- https://go.dev/issue/45899, CL 406776 -->
@@ -899,6 +909,18 @@ proxyHandler := &httputil.ReverseProxy{
       Methods of the <a href="/pkg/mime/multipart/#Reader"><code>Reader</code></a> type now wrap errors
       returned by the underlying <code>io.Reader</code>.
     </p>
+    <p><!-- https://go.dev/issue/59153 --><!-- CL 481985 -->
+      In Go 1.19.8 and later, this package sets limits the size
+      of the MIME data it processes to protect against malicious inputs.
+      <code>Reader.NextPart</code> and <code>Reader.NextRawPart</code> limit the
+      number of headers in a part to 10000 and <code>Reader.ReadForm</code> limits
+      the total number of headers in all <code>FileHeaders</code> to 10000.
+      These limits may be adjusted with the <code>GODEBUG=multipartmaxheaders</code>
+      setting.
+      <code>Reader.ReadForm</code<> further limits the number of parts in a form to 1000.
+      This limit may be adjusted with the <code>GODEBUG=multipartmaxparts</code>
+      setting.
+    </p>
   </dd>
 </dl><!-- mime/multipart -->