-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/url: URL allows malformed query round trip [1.10 backport] #29922
Comments
I will make a cherry-pick CL for this. I am using this as an opportunity to verify an answer I am planning to provide to this question. |
Change https://golang.org/cl/159478 mentions this issue: |
@bradfitz In CL 159478, you said:
Should this issue lose its CherryPickApproved label and/or be closed? Or are you going to re-use it to backport that different fix (as mentioned in #29923 (comment))? In any case, leaving to you. |
This should stay open until we backport something. |
Change https://golang.org/cl/160678 mentions this issue: |
Closed by merging d4cf10b to release-branch.go1.10. |
…in URLs Cherry pick of combined CL 159157 + CL 160178. Fixes #29922 Updates #27302 Updates #22907 Change-Id: I6de92c14284595a58321a4b4d53229285979b872 Reviewed-on: https://go-review.googlesource.com/c/160678 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
is there a target 1.10.x release for d4cf10b? |
Go 1.10 is no longer maintained once Go 1.12 was released. We only support the past two released versions of Go. |
Understood. I thought merging the security fix to the release branch implied a release would be cut. Unreleased security fixes sitting in the branch are unfortunate. |
given this was deemed worthy of backport, and was backported on 2019-02-01 (prior to 1.12 being released on 2019-02-25), would it have been worthwhile to cut a 1.10.x release rolling up unreleased changes prior to dropping support because of 1.12? |
Its importance has been questioned elsewhere. It's not a huge security issue. It's borderline. |
@FiloSottile requested issue #22907 to be considered for backport to the next 1.10 minor release.
The text was updated successfully, but these errors were encountered: