Jonkman Microblog
Conversation

Notices

  1. Biason::Julio::new(); (juliobiason@functional.cafe)'s status on Monday, 14-Dec-2020 13:53:05 EST

    You guys know I like to bash Go, but... FUCK!

    "The Go security team has determined that the root causes of the vulnerabilities cannot be reliably addressed."

    Ok, your language design has some serious flaw that can't be fixed, so they are basically saying "Yup, a core library is going to be vulnerable for a long time".

    Also, this has been going on since August 2020, according to the related post. Project Zero works way fast (30 days) to disclose issues on every other project, but on a project from their own company, 4 months.

    Google surely cares about the well-being of the internet, sure.

    Link: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/


    Attachments

    1. Coordinated disclosure of XML round-trip vulnerabilities in Go XML
      By Juho Nurminen from Mattermost - Open-source collaboration, self-managed or SaaS

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
