Changes in v1.3.8
- Update golang.org/x/crypto to v0.40.0 to address security vulnerabilities
- Update golang.org/x/net to v0.42.0 to address security vulnerabilities
This release addresses several security vulnerabilities in dependencies:
-
Fixed critical and high severity issues in golang.org/x/crypto:
- Misuse of ServerConfig.PublicKeyCallback that could cause authorization bypass
- Denial of Service (DoS) vulnerability via Slow or Incomplete Key Exchange
-
Fixed medium severity issues in golang.org/x/net:
- Cross-site Scripting vulnerability
- HTTP Proxy bypass using IPv6 Zone IDs