_content/doc: update release notes with backwards incompatible changes
Go 1.19.8 and Go 1.20.3 had backwards-incompatible changes. Raise their visibility by updating the release notes for Go 1.19 and Go 1.20. Updates #59153. Updates #59234. Change-Id: Icd472bd5754c3dea1a1459e364746600826889b1 Reviewed-on: https://go-review.googlesource.com/c/website/+/482240 Auto-Submit: Michael Knyszek <mknyszek@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Michael Knyszek <mknyszek@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Родитель
20890b56f4
Коммит
18b7f5b1d4
|
@ -639,6 +639,11 @@ as well as support for rendering them to HTML, Markdown, and text.
|
||||||
instead of its own named type.
|
instead of its own named type.
|
||||||
This allows writing code that operates on a <code>FuncMap</code> from either setting.
|
This allows writing code that operates on a <code>FuncMap</code> from either setting.
|
||||||
</p>
|
</p>
|
||||||
|
<p><!-- https://go.dev/issue/59153 --><!-- CL 481987 -->
|
||||||
|
Go 1.19.8 and later
|
||||||
|
<a href="/pkg/html/template#hdr-Security_Model">disallow actions in ECMAScript 6 template literals.</a>
|
||||||
|
This behavior can be reverted by the <code>GODEBUG=jstmpllitinterp=1</code> setting.
|
||||||
|
</p>
|
||||||
</dd>
|
</dd>
|
||||||
</dl><!-- html/template -->
|
</dl><!-- html/template -->
|
||||||
|
|
||||||
|
@ -687,7 +692,24 @@ as well as support for rendering them to HTML, Markdown, and text.
|
||||||
<a href="/pkg/mime/#AddExtensionType"><code>AddExtensionType</code></a>.
|
<a href="/pkg/mime/#AddExtensionType"><code>AddExtensionType</code></a>.
|
||||||
</p>
|
</p>
|
||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl><!-- mime -->
|
||||||
|
|
||||||
|
<dl id="mime/multipart"><dt><a href="/pkg/mime/multipart">mime/multipart</a></dt>
|
||||||
|
<dd>
|
||||||
|
<p><!-- https://go.dev/issue/59153 --><!-- CL 481985 -->
|
||||||
|
In Go 1.19.8 and later, this package sets limits the size
|
||||||
|
of the MIME data it processes to protect against malicious inputs.
|
||||||
|
<code>Reader.NextPart</code> and <code>Reader.NextRawPart</code> limit the
|
||||||
|
number of headers in a part to 10000 and <code>Reader.ReadForm</code> limits
|
||||||
|
the total number of headers in all <code>FileHeaders</code> to 10000.
|
||||||
|
These limits may be adjusted with the <code>GODEBUG=multipartmaxheaders</code>
|
||||||
|
setting.
|
||||||
|
<code>Reader.ReadForm</code<> further limits the number of parts in a form to 1000.
|
||||||
|
This limit may be adjusted with the <code>GODEBUG=multipartmaxparts</code>
|
||||||
|
setting.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
</dl><!-- mime/multipart -->
|
||||||
|
|
||||||
<dl id="net"><dt><a href="/pkg/net/">net</a></dt>
|
<dl id="net"><dt><a href="/pkg/net/">net</a></dt>
|
||||||
<dd>
|
<dd>
|
||||||
|
|
|
@ -828,6 +828,16 @@ proxyHandler := &httputil.ReverseProxy{
|
||||||
</dd>
|
</dd>
|
||||||
</dl><!-- go/types -->
|
</dl><!-- go/types -->
|
||||||
|
|
||||||
|
<dl id="html/template"><dt><a href="/pkg/html/template/">html/template</a></dt>
|
||||||
|
<dd>
|
||||||
|
<p><!-- https://go.dev/issue/59153 --><!-- CL 481993 -->
|
||||||
|
Go 1.20.3 and later
|
||||||
|
<a href="/pkg/html/template#hdr-Security_Model">disallow actions in ECMAScript 6 template literals.</a>
|
||||||
|
This behavior can be reverted by the <code>GODEBUG=jstmpllitinterp=1</code> setting.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
</dl><!-- html/template -->
|
||||||
|
|
||||||
<dl id="io"><dt><a href="/pkg/io/">io</a></dt>
|
<dl id="io"><dt><a href="/pkg/io/">io</a></dt>
|
||||||
<dd>
|
<dd>
|
||||||
<p><!-- https://go.dev/issue/45899, CL 406776 -->
|
<p><!-- https://go.dev/issue/45899, CL 406776 -->
|
||||||
|
@ -899,6 +909,18 @@ proxyHandler := &httputil.ReverseProxy{
|
||||||
Methods of the <a href="/pkg/mime/multipart/#Reader"><code>Reader</code></a> type now wrap errors
|
Methods of the <a href="/pkg/mime/multipart/#Reader"><code>Reader</code></a> type now wrap errors
|
||||||
returned by the underlying <code>io.Reader</code>.
|
returned by the underlying <code>io.Reader</code>.
|
||||||
</p>
|
</p>
|
||||||
|
<p><!-- https://go.dev/issue/59153 --><!-- CL 481985 -->
|
||||||
|
In Go 1.19.8 and later, this package sets limits the size
|
||||||
|
of the MIME data it processes to protect against malicious inputs.
|
||||||
|
<code>Reader.NextPart</code> and <code>Reader.NextRawPart</code> limit the
|
||||||
|
number of headers in a part to 10000 and <code>Reader.ReadForm</code> limits
|
||||||
|
the total number of headers in all <code>FileHeaders</code> to 10000.
|
||||||
|
These limits may be adjusted with the <code>GODEBUG=multipartmaxheaders</code>
|
||||||
|
setting.
|
||||||
|
<code>Reader.ReadForm</code<> further limits the number of parts in a form to 1000.
|
||||||
|
This limit may be adjusted with the <code>GODEBUG=multipartmaxparts</code>
|
||||||
|
setting.
|
||||||
|
</p>
|
||||||
</dd>
|
</dd>
|
||||||
</dl><!-- mime/multipart -->
|
</dl><!-- mime/multipart -->
|
||||||
|
|
||||||
|
|
Загрузка…
Ссылка в новой задаче