)]}'
{
  "commit": "5fa6923b1ea891400153d04ddf1545e23b40041b",
  "tree": "0ea6bbdf4a16e610c1e5ddf84810d27b1155a6c7",
  "parents": [
    "c4590af14915e7f0aef40da4dec824eb8e3a419b"
  ],
  "author": {
    "name": "Damien Neil",
    "email": "dneil@google.com",
    "time": "Wed Jun 28 13:20:08 2023 -0700"
  },
  "committer": {
    "name": "Joedian Reid",
    "email": "joedian@golang.org",
    "time": "Thu Jul 06 19:41:20 2023 +0000"
  },
  "message": "[release-branch.go1.19] net/http: validate Host header before sending\n\nVerify that the Host header we send is valid.\nAvoids surprising behavior such as a Host of \"go.dev\\r\\nX-Evil:oops\"\nadding an X-Evil header to HTTP/1 requests.\n\nAdd a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to\nheader injection in the way HTTP/1 is, but x/net/http2 doesn\u0027t validate\nthe header and will go into a retry loop when the server rejects it.\nCL 506995 adds the necessary validation to x/net/http2.\n\nUpdates #60374\nFixes #61075\nFor CVE-2023-29406\n\nChange-Id: I05cb6866a9bead043101954dfded199258c6dd04\nReviewed-on: https://go-review.googlesource.com/c/go/+/506996\nReviewed-by: Tatiana Bradley \u003ctatianabradley@google.com\u003e\nTryBot-Result: Gopher Robot \u003cgobot@golang.org\u003e\nRun-TryBot: Damien Neil \u003cdneil@google.com\u003e\n(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2)\nReviewed-on: https://go-review.googlesource.com/c/go/+/507358\nRun-TryBot: Tatiana Bradley \u003ctatianabradley@google.com\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "0d92fe5f964fb704dc4fa3ef1c1c2aae6d1ecd12",
      "old_mode": 33188,
      "old_path": "src/net/http/http_test.go",
      "new_id": "f03272ab912fcaa573079cba8edf81d907378f37",
      "new_mode": 33188,
      "new_path": "src/net/http/http_test.go"
    },
    {
      "type": "modify",
      "old_id": "cead91d3d4471c168631bc9a62048584e307597a",
      "old_mode": 33188,
      "old_path": "src/net/http/request.go",
      "new_id": "3100037386aebb5ee50280db41588c976f32c3b1",
      "new_mode": 33188,
      "new_path": "src/net/http/request.go"
    },
    {
      "type": "modify",
      "old_id": "0ec8f2474a8d9c44e8e4fe81c893853787180971",
      "old_mode": 33188,
      "old_path": "src/net/http/request_test.go",
      "new_id": "fddc85d6a9bee04996a6e58bcd9577104f53e727",
      "new_mode": 33188,
      "new_path": "src/net/http/request_test.go"
    },
    {
      "type": "modify",
      "old_id": "cba35db25764e004b392243a87de299019fbe0f4",
      "old_mode": 33188,
      "old_path": "src/net/http/transport_test.go",
      "new_id": "985d0625dc93795ad01d8e6e5ecc47474f86470e",
      "new_mode": 33188,
      "new_path": "src/net/http/transport_test.go"
    }
  ]
}