diff options
author | Damien Neil <dneil@google.com> | 2022-11-21 14:27:24 -0800 |
---|---|---|
committer | Gopher Robot <gobot@golang.org> | 2022-11-22 18:11:34 +0000 |
commit | 7a00f973a557fa8b5294652382a6280ddb196c1e (patch) | |
tree | 5d3c150b835956f3d1a8eb577bdf7e5f5d6c10b1 /doc | |
parent | 28911b289103d6128c3364a3e3de4ed8eabe630f (diff) | |
download | go-git-7a00f973a557fa8b5294652382a6280ddb196c1e.tar.gz |
archive/tar, archive/zip: disable ErrInsecurePath by default
This change is being made late in the release cycle.
Disable it by default. Insecure path checks may be enabled by setting
GODEBUG=tarinsecurepath=0 or GODEBUG=zipinsecurepath=0.
We can enable this by default in Go 1.21 after publicizing the change
more broadly and giving users a chance to adapt to the change.
For #55356.
Change-Id: I549298b3c85d6c8c7fd607c41de1073083f79b1d
Reviewed-on: https://go-review.googlesource.com/c/go/+/452616
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.20.html | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/doc/go1.20.html b/doc/go1.20.html index 3d49dd2442..c61d308088 100644 --- a/doc/go1.20.html +++ b/doc/go1.20.html @@ -372,18 +372,14 @@ proxyHandler := &httputil.ReverseProxy{ <dl id="archive/tar"><dt><a href="/pkg/archive/tar/">archive/tar</a></dt> <dd> <p><!-- https://go.dev/issue/55356 --> - <code>(*Reader).Next</code> will now return the error <code>ErrInsecurePath</code> - when opening an archive which contains file names that are absolute, - refer to a location outside the current directory, contain invalid - characters, or (on Windows) are reserved names such as <code>NUL</code>. - </p> - <p> - Programs that want to operate on archives containing insecure file names may - ignore this error. - </p> - <p> - Insecure tar file name checks may be entirely disabled by setting the - <code>GODEBUG=tarinsecurepath=1</code> environment variable. + When the <code>GODEBUG=tarinsecurepath=0</code> environment variable + is set, <code>(*Reader).Next</code> will return the error + <code>ErrInsecurePath</code> when opening an archive which contains + file names that are absolute, refer to a location outside the current + directory, contain invalid characters, or (on Windows) are reserved + names such as <code>NUL</code>. Programs that perform their own + name sanitization can ignore this error. This behavior will be made + the default in a future version of Go. </p> </dd> </dl><!-- archive/tar --> @@ -391,18 +387,14 @@ proxyHandler := &httputil.ReverseProxy{ <dl id="archive/zip"><dt><a href="/pkg/archive/zip/">archive/zip</a></dt> <dd> <p><!-- https://go.dev/issue/55356 --> - <code>NewReader</code> will now return the error <code>ErrInsecurePath</code> - when opening an archive which contains file names that are absolute, - refer to a location outside the current directory, contain invalid - characters, or (on Windows) are reserved names such as <code>NUL</code>. - </p> - <p> - Programs that want to operate on archives containing insecure file names may - ignore this error. - </p> - <p> - Insecure zip file name checks may be entirely disabled by setting the - <code>GODEBUG=zipinsecurepath=1</code> environment variable. + When the <code>GODEBUG=zipinsecurepath=0</code> environment variable + is set, <code>NewReader</code> will return the error + <code>ErrInsecurePath</code> when opening an archive which contains + file names that are absolute, refer to a location outside the current + irectory, contain invalid characters, or (on Windows) are reserved + names such as <code>NUL</code>. Programs that perform their own + name sanitization can ignore this error. This behavior will be made + the default in a future version of Go. </p> <p><!-- CL 449955 --> Reading from a directory file that contains file data will now return an error. |