@FiloSottile requested issue #54288 to be considered for backport to the next 1.19 minor release.
Ah, yeah, functions with an error return value should definitely return an error, not panic. I'll do a pass of all the marshal-side paths, and see if there are other issues like this.
@gopherbot please open a backport issue to Go 1.19. I don't think this is a security issue because the attacker can't control the curve of a certificate being marshaled, but panic'ing where we were returning an error is a regression and we should quash it.
The text was updated successfully, but these errors were encountered: