You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
upgrade v1.4.1
About this tag
The tag 'upgrade v1.4.1' on WindowsForum.com covers discussions about upgrading to version 1.4.1 of the Gorilla Schema library for Go. This version addresses CVE-2024-37298, a high-severity denial-of-service vulnerability that could cause unbounded memory allocation when decoding form or query parameters into structs with nested slices. The patch introduces a configurable slice size cap and defensive checks. Users are advised to upgrade to v1.4.1 or apply mitigations to protect against this availability risk.
A high‑severity denial‑of‑service vulnerability — tracked as CVE‑2024‑37298 — was disclosed in the popular Go library github.com/gorilla/schema, allowing an attacker to force unbounded memory allocations when the library decodes form or query parameters into structs that contain slices of nested...