doc/go1.15: add release notes for io/ioutil

For #37419.

Change-Id: I6c7a7e9c91f7691a6ba2a7ac4dad92c64b48962f
Reviewed-on: https://go-review.googlesource.com/c/go/+/236658
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

diff --git a/doc/go1.15.html b/doc/go1.15.html
index d17888732b595fcbef9ae4731efaf2dbbeffceb5..0c345f22e25664fc713b9bb224c15c731ddaa74c 100644 (file)
--- a/doc/go1.15.html
+++ b/doc/go1.15.html
@@ -395,7 +395,11 @@ TODO
 <dl id="io/ioutil"><dt><a href="/pkg/io/ioutil/">io/ioutil</a></dt>
   <dd>
     <p><!-- CL 212597 -->
-      TODO: <a href="https://golang.org/cl/212597">https://golang.org/cl/212597</a>: reject path separators in TempDir, TempFile pattern
+      <a href="/pkg/io/ioutil/#TempDir"><code>TempDir</code></a> and
+      <a href="/pkg/io/ioutil/#TempFile"><code>TempFile</code></a>
+      now reject patterns that contain path separators.
+      That is, calls such as <code>ioutil.TempFile("/tmp",</code> <code>"../base*")</code> will no longer succeed.
+      This prevents unintended directory traversal.
     </p>
   </dd>
 </dl><!-- io/ioutil -->