[BUG] v1.5.2 checksum mismatch

[ghost]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

The module checksum for v1.5.2 in this repository does not match the checksum recorded in Go's checksum database.

Expected Behavior

No checksum mismatch.

Steps To Reproduce

Run the following commands to observe the security error:

mkdir fail
cd fail
go mod init fail.com
go clean --modcache
GOPROXY=direct go get github.com/gorilla/[email protected]

Anything else?

https://go.dev/ref/mod#authenticating

[FZambia]

I can't believe I observe this happening with the project I love...

Dear maintainers, never remove tags. It's the second time you do this.

[jaitaiwan]

Thanks for bringing this to my attention, I’ll discuss with the other maintainers.

[AlexVulaj]

Thanks for pointing this out - coincidentally we just cut release https://github.com/gorilla/websocket/releases/tag/v1.5.3 which should be stable.

[houseme]

It is recommended to add time to the pre-release version and retain it. If you delete the version directly, it will cause the go get operation to fail.

[FZambia]

Consider retracting v1.5.2 - https://go.dev/ref/mod#go-mod-file-retract