cbor v1.1.2 Release Notes

Release Date: 2019-10-23 // over 1 year ago
  • Prevent an inappropriate use of BinaryUnmarshaler.

    Specifically, don't allow CBOR byte string (major type 2) as input to Go's Time.UnmarshalBinary.

    ๐Ÿ‘€ Time values should only be encoded/decoded using these CBOR data types: pos or neg integer, float, and text string. For more info, see RFC 7049 section 2.4.1.

    ๐Ÿ‘€ For details, see commit 34ffc3a.

    ๐Ÿš€ This release passed 24+ hours of fuzzing with fxamacker/cbor-fuzz v0.6.0.