A security issue was found in Go before version 1.16.1. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with “../”.
A security issue was found in Go before version 1.16.1. The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with “../”.
https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw https://github.com/golang/go/issues/44916 https://github.com/golang/go/commit/634d28d78ccbeb6e86f8bfeba030ea8be518f8fa