#infosec enthusiast • #golang dev & trainer • contributor to the Go project • minimalist • chaotic good • trying to make sense of the Web • he/him
Free Go course: https://github.com/jub0bs/go-course-beginner

Free 🇵🇸! Leave 🇱🇧 alone!

Website: https://jub0bs.com
Bluesky: https://bsky.app/profile/jub0bs.com
GitHub: https://github.com/jub0bs
X: https://x.com/login?redirect_after_login=https%3A%2F%2Fx.com%2Flogout%3Fredirect_after_logout%3Dhttps%253A%252F%252Fjub0bs.com

What a fall from grace for HackerOne, once my favourite bug-bounty platform. 😬

"HackerOne triage analyst incorrectly closes the report as a duplicate [...]"

https://clickup.com/blog/april-27th-update/

April 27th - What happened with our feature flag configuration | The ClickUp Blog

On April 27, 2026, a security researcher publicly disclosed that ClickUp’s client-side feature flag configuration exposed personally identifiable information. Specifically, 893 customer email addresses were embedded in feature flag targeting rules, along with one flag that improperly referenced a customer’s API token, used during an incident response to rate-limit traffic from that workspace. We should […]

v0.13.3 through v1.0.1 of https://github.com/jub0bs/cors contain an embarrassing bug that affects functionality (though not security). Thanks to Herman Slatman for reporting it. 🙇

The bug is fixed in v1.0.2. Update when you can.

GitHub - jub0bs/cors: perhaps the best CORS middleware library for Go

I've just filed a #golang issue aiming to explicitly exclude error messages from the Go 1 compatibility promise: https://github.com/golang/go/issues/78991

x/website: explicitly exclude error messages from the Go 1 compatibility promise · Issue #78991 · golang/go

The document that specifies the Go 1 compatibility promise ("go1compat" for short) lists a number of exclusions: Security. A security issue in the specification or implementation may come to light ...

Thanks for the shoutout to github.com/jub0bs/cors on the latest episode, @cupogo! 🙇

https://share.transistor.fm/s/d0db5dcf

#golang

Cup o' Go | Builds, Validation, Web3, CORS, Typescript-- wait this is a Go show?! with Paweł Zaremba

Visit cupogo.dev for show notes, Patreon link, Swag and more!
proposal: cmd/go: add -buildversion build flag
Validating data in Go by Phillipp Winter: https://nymity.ch/writing/articles/validation/
ETHWarsaw Event Calendar: Meetups, Conference & Hackathon
Upcoming GoSF meetup: Go Meetup in San...

Issue 596 of the Golang Weekly newsletter mentions the v1 release of github.com/jub0bs/cors. Nice! #golang

https://golangweekly.com/issues/596

Golang Weekly Issue 596: April 10, 2026

There are no benign data races. In fact, some are lethal. ☠️

https://en.wikipedia.org/wiki/Therac-25

Therac-25 - Wikipedia

🎉 After a few years of refinement and close to 1 << 9 commits, I'm pleased to announce the v1 release of my CORS middleware library for Go.

Let me know whether it patches things up between you and CORS!

https://github.com/jub0bs/cors

#golang #CORS

I love how the conjunction of #golang's modules system and build constraints lets you have your cake and eat it too! 🍰

You can let users of your library take advantage of the bleeding edge if they so wish without cutting off one of the currently supported Go toolchains.

When something tantalising gets merged at tip, you can put code that relies on it in a file guarded by a //go:build go1.27 build constraint and its pre-1.27 counterpart in a file guarded by a //go:build !go1.27 build constraint. No need to update your go.mod's go directive.

Even when you cannot eliminate all bounds checks within a loop, eliminating most of them may benefit performance. 😉
#golang

https://go-review.googlesource.com/c/go/+/759100

Unfortunately, this proposal would require a breaking change. Therefore, I've decided to retract it.