I updated my list of Go interfaces with these releases:
2018-02-07 22:24 GMT+01:00 Nathan Kerr <nat...@pocketgophers.com>:
> I updated my release related resources with these releases:
> - When Should You Upgrade Go?
> - Go Release Timeline <https://pocketgophers.com/go-release-timeline/>
> On Wednesday, February 7, 2018 at 1:15:13 PM UTC-7, Andrew Bonventre wrote:
>> Hi gophers,
>> We have just released Go 1.8.7, Go 1.9.4, and Go 1.10rc2, to address a
>> recently-reported security issue. We recommend that all users update to one
>> of these releases (if you’re not sure which, choose Go 1.9.4).
>> By using the clang or gcc plugin mechanism, it was possible for an
>> attacker to trick the “go get” command into executing arbitrary code. The
>> go command now restricts the set of allowed host compiler and linker
>> arguments in cgo source files to a list of allowed flags, in particular
>> disallowing -fplugin= and -plugin=.
>> The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the
>> Go issue for details.
>> Thanks to Christopher Brown of Mattermost for reporting this problem.
>> Downloads are available at https://golang.org/dl for all supported
>> Andy (on behalf of the Go team)
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.