cbor v1.1.2 Release Notes
Release Date: 2019-10-23 // over 4 years ago-
Prevent an inappropriate use of BinaryUnmarshaler.
Specifically, don't allow CBOR byte string (major type 2) as input to Go's Time.UnmarshalBinary.
👀 Time values should only be encoded/decoded using these CBOR data types: pos or neg integer, float, and text string. For more info, see RFC 7049 section 2.4.1.
👀 For details, see commit 34ffc3a.
🚀 This release passed 24+ hours of fuzzing with fxamacker/cbor-fuzz v0.6.0.