http

package standard library

Go to main page

Versions in this module

go1

go1.26.3

May 7, 2026

go1.26.2

Apr 7, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.26.1

Mar 6, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.26.0

Feb 10, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ type ClientConn struct

+ func (cc *ClientConn) Available() int

+ func (cc *ClientConn) Close() error

+ func (cc *ClientConn) Err() error

+ func (cc *ClientConn) InFlight() int

+ func (cc *ClientConn) Release()

+ func (cc *ClientConn) Reserve() error

+ func (cc *ClientConn) RoundTrip(req *Request) (*Response, error)

+ func (cc *ClientConn) SetStateHook(f func(*ClientConn))

type HTTP2Config

+ StrictMaxConcurrentRequests bool

type Transport

+ func (t *Transport) NewClientConn(ctx context.Context, scheme, address string) (*ClientConn, error)

go1.26rc3

Feb 4, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.26rc2

Jan 15, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.26rc1

Dec 16, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.10

May 7, 2026

go1.25.9

Apr 7, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.8

Mar 6, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.7

Feb 4, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.6

Jan 15, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.5

Dec 2, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.4

Nov 5, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.3

Oct 13, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.2

Oct 7, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.1

Sep 3, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25.0

Aug 12, 2025 GO-2025-3955 +2 more

GO-2025-3955: CrossOriginProtection insecure bypass patterns not limited to exact matches in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ type CrossOriginProtection struct

+ func NewCrossOriginProtection() *CrossOriginProtection

+ func (c *CrossOriginProtection) AddInsecureBypassPattern(pattern string)

+ func (c *CrossOriginProtection) AddTrustedOrigin(origin string) error

+ func (c *CrossOriginProtection) Check(req *Request) error

+ func (c *CrossOriginProtection) Handler(h Handler) Handler

+ func (c *CrossOriginProtection) SetDenyHandler(h Handler)

go1.25rc3

Aug 6, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25rc2

Jul 8, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.25rc1

Jun 11, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.13

Feb 4, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.12

Jan 15, 2026 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.11

Dec 2, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.10

Nov 5, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.9

Oct 13, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.8

Oct 7, 2025 GO-2026-4918

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.7

Sep 3, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.6

Aug 6, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.5

Jul 8, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.4

Jun 5, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.3

May 6, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.2

Apr 1, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.1

Mar 4, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24.0

Feb 11, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ type HTTP2Config struct

+ CountError func(errType string)

+ MaxConcurrentStreams int

+ MaxDecoderHeaderTableSize int

+ MaxEncoderHeaderTableSize int

+ MaxReadFrameSize int

+ MaxReceiveBufferPerConnection int

+ MaxReceiveBufferPerStream int

+ PermitProhibitedCipherSuites bool

+ PingTimeout time.Duration

+ SendPingTimeout time.Duration

+ WriteByteTimeout time.Duration

+ type Protocols struct

+ func (p *Protocols) SetHTTP1(ok bool)

+ func (p *Protocols) SetHTTP2(ok bool)

+ func (p *Protocols) SetUnencryptedHTTP2(ok bool)

+ func (p Protocols) HTTP1() bool

+ func (p Protocols) HTTP2() bool

+ func (p Protocols) String() string

+ func (p Protocols) UnencryptedHTTP2() bool

type Server

+ HTTP2 *HTTP2Config

+ Protocols *Protocols

type Transport

+ HTTP2 *HTTP2Config

+ Protocols *Protocols

go1.24rc3

Feb 5, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24rc2

Jan 16, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.24rc1

Dec 13, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.12

Aug 6, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.11

Jul 8, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.10

Jun 5, 2025 GO-2025-4012 +1 more

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.9

May 6, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.8

Apr 1, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.7

Mar 4, 2025 GO-2025-3751 +2 more

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.6

Feb 4, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.5

Jan 16, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.4

Dec 3, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.3

Nov 6, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.2

Oct 1, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.1

Sep 5, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23.0

Aug 13, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

type Cookie

+ Partitioned bool

+ Quoted bool

+ func ParseCookie(line string) ([]*Cookie, error)

+ func ParseSetCookie(line string) (*Cookie, error)

type Request

+ Pattern string

+ func (r *Request) CookiesNamed(name string) []*Cookie

go1.23rc2

Jul 16, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.23rc1

Jun 21, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.12

Feb 4, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.11

Jan 16, 2025 GO-2025-3503 +3 more

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.10

Dec 3, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.9

Nov 6, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.8

Oct 1, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.7

Sep 5, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.6

Aug 6, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.5

Jul 2, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.4

Jun 4, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.3

May 7, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.2

Apr 3, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.1

Mar 5, 2024 GO-2024-2687 +6 more

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22.0

Feb 6, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ func ServeFileFS(w ResponseWriter, r *Request, fsys fs.FS, name string)

type Handler

+ func FileServerFS(root fs.FS) Handler

type Request

+ func (r *Request) PathValue(name string) string

+ func (r *Request) SetPathValue(name, value string)

type RoundTripper

+ func NewFileTransportFS(fsys fs.FS) RoundTripper

go1.22rc2

Jan 24, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.22rc1

Dec 19, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.13

Aug 6, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.12

Jul 2, 2024 GO-2025-3420 +4 more

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.11

Jun 4, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.10

May 7, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.9

Apr 3, 2024 GO-2024-2963 +5 more

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.8

Mar 5, 2024 GO-2024-2687 +6 more

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.7

Feb 6, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.6

Jan 9, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.5

Dec 5, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.4

Nov 7, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.3

Oct 10, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.2

Oct 5, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.1

Sep 6, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21.0

Aug 8, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ var ErrSchemeMismatch = errors.New("http: server gave HTTP response to HTTPS client")

type ProtocolError

+ func (pe *ProtocolError) Is(err error) bool

type ResponseController

+ func (c *ResponseController) EnableFullDuplex() error

go1.21rc4

Aug 2, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21rc3

Jul 14, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21rc2

Jun 21, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.21rc1

Jun 16, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.14

Feb 6, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.13

Jan 9, 2024 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.12

Dec 5, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.11

Nov 7, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.10

Oct 10, 2023 GO-2024-2600 +7 more

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.9

Oct 5, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.8

Sep 6, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.7

Aug 1, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.6

Jul 11, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.5

Jun 6, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.4

May 2, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.3

Apr 4, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.2

Mar 7, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20.1

Feb 14, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20

Feb 1, 2023 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ type ResponseController struct

+ func NewResponseController(rw ResponseWriter) *ResponseController

+ func (c *ResponseController) Flush() error

+ func (c *ResponseController) Hijack() (net.Conn, *bufio.ReadWriter, error)

+ func (c *ResponseController) SetReadDeadline(deadline time.Time) error

+ func (c *ResponseController) SetWriteDeadline(deadline time.Time) error

type Server

+ DisableGeneralOptionsHandler bool

type Transport

+ OnProxyConnectResponse func(ctx context.Context, proxyURL *url.URL, connectReq *Request, ...) error

go1.20rc3

Jan 12, 2023 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20rc2

Jan 4, 2023 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.20rc1

Dec 7, 2022 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.13

Sep 6, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.12

Aug 1, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.11

Jul 11, 2023 GO-2023-2102 +8 more

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.10

Jun 6, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.9

May 2, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.8

Apr 4, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.7

Mar 7, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.6

Feb 14, 2023 GO-2023-1878 +9 more

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.5

Jan 10, 2023 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.4

Dec 6, 2022 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.3

Nov 1, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.2

Oct 4, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19.1

Sep 6, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19

Aug 2, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

Changes in this version

+ type MaxBytesError struct

+ Limit int64

+ func (e *MaxBytesError) Error() string

go1.19rc2

Jul 12, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19rc1

Jul 6, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.19beta1

Jun 9, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.10

Jan 10, 2023 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.9

Dec 6, 2022 GO-2023-1571 +10 more

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.8

Nov 1, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.7

Oct 4, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.6

Sep 6, 2022 GO-2022-1143 +12 more

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.5

Aug 1, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.4

Jul 12, 2022 GO-2022-0969 +13 more

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.3

Jun 1, 2022 GO-2022-0520 +15 more

GO-2022-0520: Exposure of client IP addresses in net/http

GO-2022-0525: Improper sanitization of Transfer-Encoding headers in net/http

GO-2022-0969: Denial of service in net/http and golang.org/x/net/http2

GO-2022-1143: Restricted file access on Windows in os and net/http

GO-2022-1144: Excessive memory growth in net/http and golang.org/x/net/http2

GO-2023-1571: Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

GO-2023-1878: Insufficient sanitization of Host header in net/http

GO-2023-2102: HTTP/2 rapid reset can cause excessive work in net/http

GO-2024-2600: Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

GO-2024-2687: HTTP/2 CONTINUATION flood in net/http

GO-2024-2963: Denial of service due to improper 100-continue handling in net/http

GO-2025-3420: Sensitive headers incorrectly sent after cross-domain redirect in net/http

GO-2025-3503: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

GO-2025-3751: Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-4012: Lack of limit when parsing cookies can cause memory exhaustion in net/http

GO-2026-4918: Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

go1.18.2

May 10, 2022 GO-2022-0520 +15 more