Hello gophers, We have just released go1.25rc3, a release candidate version of Go 1.25. It is cut from release-branch.go1.25 at the revision tagged go1.25rc3.
This release includes 2 security fixes following the security policy <https://go.dev/doc/security/policy>: - os/exec: LookPath may return unexpected paths If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. Thanks to Olivier Mengué for reporting this issue. This is CVE-2025-47906 and Go issue https://go.dev/issue/74466. - database/sql: incorrect results returned from Rows.Scan Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error. We believe this affects most database/sql drivers. Thanks to Spike Curtis from Coder for reporting this issue. This is CVE-2025-47907 and https://go.dev/issue/74831. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable. Report any problems using the issue tracker: https://go.dev/issue/new If you have Go installed already, an easy way to try go1.25rc3 is by using the go command: $ go install golang.org/dl/go1.25rc3@latest $ go1.25rc3 download You can download binary and source distributions from the usual place: https://go.dev/dl/#go1.25rc3 To find out what has changed in Go 1.25, read the draft release notes: https://tip.golang.org/doc/go1.25 Cheers, Mark and Dmitri for the Go team -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/CA%2BON-PHpyJ8WASfamUfDfbsyJ8AnMbCBDF9nNQWxPq3xuUf%3DKA%40mail.gmail.com.
