diff options
author | Michael Anthony Knyszek <mknyszek@google.com> | 2023-04-04 22:07:09 +0000 |
---|---|---|
committer | Gopher Robot <gobot@golang.org> | 2023-04-05 15:42:48 +0000 |
commit | 0d719823af1343f9921ee0293596f09e36ced0e4 (patch) | |
tree | 4448d2aab27bdcff53d2d3e9210fb658f63ab9d9 /doc | |
parent | 3e8f5457ef79c2574ba34f8dafc5ad95464c172d (diff) | |
download | go-git-0d719823af1343f9921ee0293596f09e36ced0e4.tar.gz |
html/template,mime/multipart: document new GODEBUG settings
This change documents the new GODEBUG settings introduced for
html/template and mime/multipart, released with Go 1.19.8 and Go 1.20.3
as part of a security fix.
Updates #59153.
Updates #59234.
Change-Id: I25f4d8245da3301dccccfb44da8ff1a5985392a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/482238
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/godebug.md | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/godebug.md b/doc/godebug.md index 44f5dfd16d..d760e0f4ef 100644 --- a/doc/godebug.md +++ b/doc/godebug.md @@ -130,7 +130,19 @@ and the [go command documentation](/cmd/go#hdr-Build_and_test_caching). Go 1.21 made it a run-time error to call `panic` with a nil interface value, controlled by the [`panicnil` setting](/pkg/builtin/#panic). -There is no plan to remove this setting. + +Go 1.21 made it an error for html/template actions to appear inside of an ECMAScript 6 +template literal, controlled by the +[`jstmpllitinterp` setting](/pkg/html/template#hdr-Security_Model). +This behavior was backported to Go 1.19.8+ and Go 1.20.3+. + +Go 1.21 introduced a limit on the maximum number of MIME headers and multipart +forms, controlled by the +[`multipartmaxheaders` and `multipartmaxparts` settings](/pkg/mime/multipart#hdr-Limits) +respectively. +This behavior was backported to Go 1.19.8+ and Go 1.20.3+. + +There is no plan to remove any of these settings. ### Go 1.20 |