This release is a patch release for v1.3.0.
It contains a cherry-pick for a security issue reported in #805, which takes advantage of the default behavior of Go's standard library JSON decoder that allows case-insensitive matches to struct field names (or "json" tags). The issue has been addressed by changing the JSON decoder to one that supports case sensitive matching.
Fixes
- all: use case-sensitive JSON unmarshaling by @maciej-kisiel in #807
New external dependencies
- https://github.com/segmentio/encoding, which is the package that provides the new decoder.
Full Changelog: v1.3.0...v1.3.1