gov.lr gov.ls gov.lt gov.lv gov.ly gov.ma gov.me gov.mg gov.mk gov.ml gov.mn gov.mo gov.mr gov.ms gov.mu gov.mv gov.mw gov.my gov.mz gov.nc.tr gov.ng gov.nl gov.nr gov.om gov.ph gov.pk gov.pl gov.pn gov.pr gov.ps gov.pt gov.py gov.qa gov.rs gov.ru gov.rw gov.sa gov.sb gov.sc gov.scot gov.sd gov.sg gov.sh gov.sl gov.so gov.ss gov.sx gov.sy gov.tj gov.tl gov.tm gov.tn gov.to gov.tr gov.tt gov.tw gov.ua gov.uk gov.vc gov.ve gov.vn gov.ws gov.ye gov.za gov.zm gov.zw government.aero govt.nz gp gq gr gr.com...

g12.br
geo.br
ggf.br
goiania.br
gov.br
// gov.br 26 states + df https://en.wikipedia.org/wiki/States_of_Brazil
ac.gov.br
al.gov.br
am.gov.br
ap.gov.br
ba.gov.br
ce.gov.br
df.gov.br
es.gov.br
go.gov.br
ma.gov.br
mg.gov.br
ms.gov.br
mt.gov.br
pa.gov.br
pb.gov.br
pe.gov.br
pi.gov.br
pr.gov.br
rj.gov.br
rn.gov.br
ro.gov.br
rr.gov.br
rs.gov.br
sc.gov.br

United States and other governments.
It is your responsibility to ensure that your use and/or transfer does not
violate applicable laws.

For more information, please see https://www.bis.doc.gov

# MinIO FIPS Builds

MinIO creates FIPS builds using a patched version of the Go compiler (that uses BoringCrypto, from BoringSSL, which is [FIPS 140-2 validated](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2964.pdf)) published by the Golang Team [here](https://github.com/golang/go/tree/dev.boringcrypto/misc/boring).

// <suffix>          ::= <binarySI> | <decimalExponent> | <decimalSI>
// <binarySI>        ::= Ki | Mi | Gi | Ti | Pi | Ei
//
// 	(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
//
// <decimalSI>       ::= m | "" | k | M | G | T | P | E
//
// 	(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
//

 [bom]: https://docs.gradle.org/6.2/userguide/platforms.html#sub:bom_import
 [bouncy_castle_releases]: https://www.bouncycastle.org/releasenotes.html
 [CVE-2021-0341]: https://nvd.nist.gov/vuln/detail/CVE-2021-0341
 [CVE-2022-24329]: https://nvd.nist.gov/vuln/detail/CVE-2022-24329
 [dev_server]: https://github.com/square/okhttp/blob/482f88300f78c3419b04379fc26c3683c10d6a9d/samples/guide/src/main/java/okhttp3/recipes/kt/DevServer.kt

  CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 ([#104368](https://github.com/kubernetes/kubernetes/pull/104368), [@aojea](https://github.com/aojea))

## Security

* TF is currently using giflib 5.2.1 which has [CVE-2022-28506](https://nvd.nist.gov/vuln/detail/CVE-2022-28506). TF is not affected by the CVE as it does not use `DumpScreen2RGB` at all.