-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multipart reader regression in go 1.17 #8445
Comments
Next step:
|
The CI passes with 1.17 but not with 1.16, so I believe we can consider this confirmed. But yeah, we can just not use 1.17 when we release. |
I believe this should be the other way around: The CI passes with 1.16 but not with 1.17. Is this a bug in the standard library? |
Uh, yes, you're right. And it might be a bug, or they might be getting more strict. |
This is probably due to golang/go@784ef4c5313, which fixes golang/go#45789. |
Now the question is, have we been using the multipart reader in an incorrect way, potentially creating a security issue as described in the Go issue, or is this something we should work around by reimplementing the Go 1.16 behavior? @Stebalien? |
We've been using it exactly as we intended. |
Fix in ipfs/go-ipfs-files#42 |
Remaining work: tag a new release of https://github.com/ipfs/go-ipfs-files and switch go-ipfs to it in a PR that closes this issue + the one about timestamps. |
fixes ipfs/kubo#8445 This commit was moved from ipfs/go-ipfs-files@55e9e3f
Checklist
Installation method
built from source
Version
No response
Config
No response
Description
See the test failure in ipfs/go-ipfs-files#40:
This isn't a flake so something is going wrong. I'm not sure if this affects production, but we should figure it out before releasing.
The text was updated successfully, but these errors were encountered: