From c6556b8eb3444b6d5473762ed1082039db7e03b5 Mon Sep 17 00:00:00 2001
From: Joe Tsai <joetsai@digital-static.net>
Date: Mon, 30 Jun 2025 22:17:41 -0700
Subject: encoding/json/v2: add security section to doc

This follows up CL 684315 with an expanded section in the v2 doc.

Updates #14750
Updates #71845

Change-Id: I1ffa97e030f5f2b709e8142028e3c8e0e38b80ce
Reviewed-on: https://go-review.googlesource.com/c/go/+/685195
Auto-Submit: Joseph Tsai <joetsai@digital-static.net>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 src/encoding/json/v2_encode.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/encoding/json/v2_encode.go')

diff --git a/src/encoding/json/v2_encode.go b/src/encoding/json/v2_encode.go
index cbb167dbd0..c2d620bcbb 100644
--- a/src/encoding/json/v2_encode.go
+++ b/src/encoding/json/v2_encode.go
@@ -10,6 +10,14 @@
 //
 // See "JSON and Go" for an introduction to this package:
 // https://golang.org/doc/articles/json_and_go.html
+//
+// # Security Considerations
+//
+// See the "Security Considerations" section in [encoding/json/v2].
+//
+// For historical reasons, the default behavior of v1 [encoding/json]
+// unfortunately operates with less secure defaults.
+// New usages of JSON in Go are encouraged to use [encoding/json/v2] instead.
 package json
 
 import (
-- 
cgit v1.3