)]}'
{
  "commit": "6446af942e2e2b161c4ec1b60d9703a2b55dc4dd",
  "tree": "cc8198d20c0c197d2b55ee136802e4d7f9983eaf",
  "parents": [
    "77397ffcb2acff0dff7ecd860af1496f34e0bc04"
  ],
  "author": {
    "name": "Damien Neil",
    "email": "dneil@google.com",
    "time": "Tue Nov 07 10:47:56 2023 -0800"
  },
  "committer": {
    "name": "Carlos Amedee",
    "email": "carlos@golang.org",
    "time": "Tue Dec 05 17:18:16 2023 +0000"
  },
  "message": "[release-branch.go1.20] net/http: limit chunked data overhead\n\nThe chunked transfer encoding adds some overhead to\nthe content transferred. When writing one byte per\nchunk, for example, there are five bytes of overhead\nper byte of data transferred: \"1\\r\\nX\\r\\n\" to send \"X\".\n\nChunks may include \"chunk extensions\",\nwhich we skip over and do not use.\nFor example: \"1;chunk extension here\\r\\nX\\r\\n\".\n\nA malicious sender can use chunk extensions to add\nabout 4k of overhead per byte of data.\n(The maximum chunk header line size we will accept.)\n\nTrack the amount of overhead read in chunked data,\nand produce an error if it seems excessive.\n\nUpdates #64433\nFixes #64434\nFixes CVE-2023-39326\n\nChange-Id: I40f8d70eb6f9575fb43f506eb19132ccedafcf39\nReviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2076135\nReviewed-by: Tatiana Bradley \u003ctatianabradley@google.com\u003e\nReviewed-by: Roland Shoemaker \u003cbracewell@google.com\u003e\n(cherry picked from commit 3473ae72ee66c60744665a24b2fde143e8964d4f)\nReviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2095407\nRun-TryBot: Roland Shoemaker \u003cbracewell@google.com\u003e\nTryBot-Result: Security TryBots \u003csecurity-trybots@go-security-trybots.iam.gserviceaccount.com\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\nReviewed-on: https://go-review.googlesource.com/c/go/+/547355\nReviewed-by: Dmitri Shuralyov \u003cdmitshur@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5a174415dc40148f8465b1f91b58b7a6ca6a1cf6",
      "old_mode": 33188,
      "old_path": "src/net/http/internal/chunked.go",
      "new_id": "8b6e94b5d49cc327085e937aa02eecb5502a0f6c",
      "new_mode": 33188,
      "new_path": "src/net/http/internal/chunked.go"
    },
    {
      "type": "modify",
      "old_id": "5e29a786dd61e42d9380df0aaa6bf9d343293fa3",
      "old_mode": 33188,
      "old_path": "src/net/http/internal/chunked_test.go",
      "new_id": "b99090c1f8ad7321bca8824d8512d507ab15acc6",
      "new_mode": 33188,
      "new_path": "src/net/http/internal/chunked_test.go"
    }
  ]
}