Merge pull request '[DOCS] RELEASE-NOTES.md (squash) v1.21.2-0' (#1904) from earl-warren/forgejo:wip-release-notes-1.21 into forgejo-development
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1904
This commit is contained in:
commit
9559f7c3b7
1 changed files with 1 additions and 1 deletions
|
@ -13,7 +13,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/
|
|||
$ git -C forgejo log --oneline --no-merges v1.21.1-0..v1.21.2-0
|
||||
```
|
||||
|
||||
This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data.
|
||||
This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chuncked encoding requests can reach Forgejo.
|
||||
|
||||
* Recommended Action
|
||||
|
||||
|
|
Loading…
Reference in a new issue