mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

encoding/gob: note pacakge not covered by security policy 

And add a link. Resolves a comment left on http://go.dev/cl/436096
after it was submitted.

Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/442816
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Roland Shoemaker 2022-10-13 11:11:22 -07:00 committed by Gopher Robot
parent 1ef685fb7b
commit 36ca37f3a0
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/encoding/gob/doc.go
View File

@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data
# Security # Security
This package is not designed to be hardened against adversarial inputs. In This package is not designed to be hardened against adversarial inputs, and is
particular, the Decoder does only basic sanity checking on decoded input sizes, outside the scope of https://go.dev/security/policy. In particular, the Decoder
and its limits are not configurable. Care should be taken when decoding gob data does only basic sanity checking on decoded input sizes, and its limits are not
from untrusted sources, which may consume significant resources. configurable. Care should be taken when decoding gob data from untrusted
sources, which may consume significant resources.
*/ */
package gob package gob