thanks for the update. In future announcements it may be useful to include the command to perform the upgrade as in
$ go get -u -v golang.org/x/net On Thursday, May 20, 2021 at 1:21:20 PM UTC-4 Filippo Valsorda wrote: > Hello gophers, > > Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a > vulnerability in the golang.org/x/net/html package which could cause a > denial of service. > > An attacker can craft an input to ParseFragment that would cause it to > enter an infinite loop and never return. > > This issue was discovered by OSS-Fuzz and reported to us by Andrew > Thornton <ar...@cantab.net>, and is tracked as CVE-2021-33194. > > Cheers, > Filippo on behalf of the Go team > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/0d7ec42c-e4b0-4faf-8e1d-e0792cb6dce1n%40googlegroups.com.