@GiteaBot
Collaborator

@GiteaBot GiteaBot commented Nov 12, 2025

Backport #35928 by wxiaoguang

@GiteaBot GiteaBot added modifies/frontend modifies/go Pull requests that update Go code type/bug labels Nov 12, 2025
@GiteaBot GiteaBot added this to the 1.25.2 milestone Nov 12, 2025
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 12, 2025
@wxiaoguang wxiaoguang changed the title Limit read bytes instead of ReadAll (#35928) Limit reading bytes instead of ReadAll (#35928) Nov 12, 2025
@wxiaoguang wxiaoguang enabled auto-merge (squash) November 12, 2025 11:45
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 12, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 12, 2025
@silverwind silverwind disabled auto-merge November 12, 2025 18:26
@wxiaoguang wxiaoguang merged commit 01fa8b2 into go-gitea:release/v1.25 Nov 12, 2025
26 checks passed
@delvh
Member

delvh commented Nov 13, 2025

It does sound a little bit strange to me to backport a possibly breaking change for users.

@wxiaoguang
Contributor

> It does sound a little bit strange to me to backport a possibly breaking change for users.

How does it break?

And it indeed is a "security fix" to avoid a DoS attack.

@delvh
Member

delvh commented Nov 13, 2025

Let's assume you had a large workflow file.
You do a minor version upgrade and suddenly it doesn't work as intended anymore.

@wxiaoguang
Contributor

> Let's assume you had a large workflow file. You do a minor version upgrade and suddenly it doesn't work as intended anymore.

Why can a workflow file be that large?

@delvh
Member

delvh commented Nov 13, 2025

I don't know, humans are strange.
The chance of anyone being affected is really low, but it is not 0.

@wxiaoguang
Contributor

Hmm, let's wait and see. I will handle related issue reports.
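
Added example, not part of any comment above and not Gitea's code: a sketch of the pattern named in the PR title, replacing an unbounded `io.ReadAll` with a bounded read. The helper names, the sentinel error and the limit are hypothetical; it contrasts a read that reports oversized input with one that silently truncates it, which is the behaviour difference the thread is debating.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooLarge is a hypothetical sentinel error for this example.
var ErrTooLarge = errors.New("input exceeds size limit")

// readAllLimited (hypothetical helper) buffers at most limit bytes from r.
// It requests limit+1 bytes so that oversized input is detected and
// reported as an error instead of being silently cut off.
func readAllLimited(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, ErrTooLarge
	}
	return buf, nil
}

// readTruncated (hypothetical helper) is the silent variant: memory use is
// bounded, but the caller cannot tell whether the input was cut.
func readTruncated(r io.Reader, limit int64) ([]byte, error) {
	return io.ReadAll(io.LimitReader(r, limit))
}

func main() {
	const limit = 32 // constructed limit for the demo, not a value from the PR
	// Constructed inputs: a small workflow-like file and an oversized one.
	for _, in := range []string{"on: [push]\n", strings.Repeat("x", 100)} {
		_, err := readAllLimited(strings.NewReader(in), limit)
		cut, _ := readTruncated(strings.NewReader(in), limit)
		fmt.Printf("len=%d strict_err=%v too_large=%v truncated_len=%d\n",
			len(in), err, errors.Is(err, ErrTooLarge), len(cut))
	}
}
```

Both variants cap memory use; only the first lets the caller surface a clear "file too large" error to a user whose file exceeds the limit.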
