diff options
| author | Roland Shoemaker <roland@golang.org> | 2022-10-13 11:11:22 -0700 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2022-10-13 18:26:45 +0000 |
| commit | 36ca37f3a04aac4b67aa7fe3cfe480c891d0d53f (patch) | |
| tree | 2d261d072228281bd6c1600124c4dbd31e56f5d9 /src/encoding | |
| parent | 1ef685fb7ba413c6f5943cc1aa61de911a7ef29a (diff) | |
| download | go-36ca37f3a04aac4b67aa7fe3cfe480c891d0d53f.tar.xz | |
encoding/gob: note pacakge not covered by security policy
And add a link. Resolves a comment left on http://go.dev/cl/436096
after it was submitted.
Change-Id: I2847d29134ffb4fee2b0ea37842cdf57df55ec0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/442816
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/encoding')
| -rw-r--r-- | src/encoding/gob/doc.go | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/encoding/gob/doc.go b/src/encoding/gob/doc.go index 04cb0ac471..15473f18b2 100644 --- a/src/encoding/gob/doc.go +++ b/src/encoding/gob/doc.go @@ -279,10 +279,11 @@ https://blog.golang.org/gobs-of-data # Security -This package is not designed to be hardened against adversarial inputs. In -particular, the Decoder does only basic sanity checking on decoded input sizes, -and its limits are not configurable. Care should be taken when decoding gob data -from untrusted sources, which may consume significant resources. +This package is not designed to be hardened against adversarial inputs, and is +outside the scope of https://go.dev/security/policy. In particular, the Decoder +does only basic sanity checking on decoded input sizes, and its limits are not +configurable. Care should be taken when decoding gob data from untrusted +sources, which may consume significant resources. */ package gob |