The Go project reports:
archive/zip: mishandling of corrupt central directory record
The archive/zip package's handling of certain types of
invalid zip files differed from the behavior of most zip
implementations. This misalignment could be exploited to
create an zip file with contents that vary depending on the
implementation reading the file. The archive/zip package now
rejects files containing these errors.
net/netip: unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses
The various Is methods (IsPrivate, IsLoopback, etc) did
not work as expected for IPv4-mapped IPv6 addresses,
returning false for addresses which would return true in
their traditional IPv4 forms.