| commit | b70a9e3eaa270773bbec74f6855f4446f5cc84e1 | [log] [tgz] |
|---|---|---|
| author | Damien Neil <dneil@google.com> | Tue Jan 21 16:36:50 2025 -0800 |
| committer | Gopher Robot <gobot@golang.org> | Tue Mar 04 10:28:35 2025 -0800 |
| tree | 561a04de53244c84942b50ac57fe9751e73136ff | |
| parent | 6249541f2a6c4cff317a4502d93dd287c5fb0c51 [diff] |
[internal-branch.go1.23-vendor] proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts When matching against a host "example.com", don't match an IPv6 address like "[1000::1%25.example.com]:80". Thanks to Juho Forsén of Mattermost for reporting this issue. Fixes CVE-2025-22870 For #71984 For #71985 Change-Id: I0c4fdf18765decc27e6ddf220ebe3a9bf4a6454d Reviewed-on: https://go-review.googlesource.com/c/net/+/654716 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Junyang Shao <shaojunyang@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
This repository holds supplementary Go networking libraries.
The easiest way to install is to run go get -u golang.org/x/net. You can also manually git clone the repository to $GOPATH/src/golang.org/x/net.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. The main issue tracker for the net repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/net:” in the subject line, so it is easy to find.