[go-nuts] [security] Go 1.22.3 and Go 1.21.10 pre-announcement

Hello gophers, We plan to issue Go 1.22.3 and Go 1.21.10 during US business hours on Tuesday, May 7. These minor releases include PRIVATE security fixes to the standard library and the toolchain, covering the following CVE: - CVE-2024-24787 Following our security policy, this is the

[go-nuts] [security] Go 1.22.2 and Go 1.21.9 are released

Hello gophers, We have just released Go versions 1.22.2 and 1.21.9, minor point releases. These minor releases include 1 security fixes following the security policy : - http2: close connections when receiving too many headers Maintaining HPACK state

[go-nuts] [security] Go 1.22.2 and Go 1.21.9 pre-announcement

Hello gophers, We plan to issue Go 1.22.2 and Go 1.21.9 during US business hours on Wednesday, April 3. These minor releases include PRIVATE security fixes to the standard library, covering the following CVE: - CVE-2023-45288 Following our security policy, this is the pre-announcement

[go-nuts] [security] Go 1.22.1 and Go 1.21.8 are released

Hello gophers, We have just released Go versions 1.22.1 and 1.21.8, minor point releases. These minor releases include 5 security fixes following the security policy : - crypto/x509: Verify panics on certificates with an unknown public key algorithm

[go-nuts] [security] Go 1.22.1 and Go 1.21.8 pre-announcement

Hello gophers, We plan to issue Go 1.22.1 and Go 1.21.8 during US business hours on Tuesday, March 5. These minor releases include PRIVATE security fixes to the standard library, covering the following CVEs: - CVE-2023-45289 - CVE-2023-45290 - CVE-2023-45289 Following our

[go-nuts] Go 1.22.0 is released

Hello gophers, We have just released Go 1.22.0. To find out what has changed in Go 1.22, read the release notes: https://go.dev/doc/go1.22 You can download binary and source distributions from our download page: https://go.dev/dl/#go1.22.0 If you have Go installed already, an easy way to try

[go-nuts] Go 1.21.7 and Go 1.20.14 are released

Hello gophers, We have just released Go versions 1.21.7 and 1.20.14, minor point releases. View the release notes for more information: https://go.dev/doc/devel/release#go1.21.7 You can download binary and source distributions from the Go website: https://go.dev/dl/ To compile from source

[go-nuts] Go 1.22 Release Candidate 2 is released

Hello gophers, We have just released go1.22rc2, a release candidate version of Go 1.22. It is cut from release-branch.go1.22 at the revision tagged go1.22rc2. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] Go 1.21.6 and Go 1.20.13 are released

Hello gophers, We have just released Go versions 1.21.6 and 1.20.13, minor point releases. View the release notes for more information: https://go.dev/doc/devel/release#go1.21.6 You can download binary and source distributions from the Go website: https://go.dev/dl/ To compile from source

[go-nuts] Go 1.22 Release Candidate 1 is released

Hello gophers, We have just released go1.22rc1, a release candidate version of Go 1.22. It is cut from release-branch.go1.22 at the revision tagged go1.22rc1. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] [security] Go 1.21.5 and Go 1.20.12 are released

Hello gophers, We have just released Go versions 1.21.5 and 1.20.12, minor point releases. These minor releases include 3 security fixes following the security policy : - net/http: limit chunked data overhead A malicious HTTP sender can use chunk

[go-nuts] [security] Go 1.21.5 and Go 1.20.12 pre-announcement

Hello gophers, We plan to issue Go 1.21.5 and Go 1.20.12 during US business hours on Tuesday, December 5. These minor releases include PRIVATE security fixes to the standard library, covering the following CVE: - CVE-2023-39326 Following our security policy, this is the

[go-nuts] [security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers, We have just released Go versions 1.21.4 and 1.20.11, minor point releases. These minor releases include 2 security fixes following the security policy : - path/filepath: recognize \\??\\ as a Root Local Device path prefix. On Windows, a

[go-nuts] [security] Go 1.21.3 and Go 1.20.10 are released

Hello gophers, We have just released Go versions 1.21.3 and 1.20.10, minor point releases. These minor releases include 1 security fixes following the security policy : - net/http: rapid stream resets can cause excessive work A malicious HTTP/2 client

[go-nuts] [security] Go 1.21.3 and Go 1.20.10 pre-announcement

Hello gophers, We plan to issue Go 1.21.3 and Go 1.20.10 during US business hours on Tuesday, October 10. These minor releases include PRIVATE security fixes to the standard library, covering the following CVE: - CVE-2023-39325 Following our security policy, this is the

[go-nuts] [security] Go 1.21.2 and Go 1.20.9 are released

Hello gophers, We have just released Go versions 1.21.2 and 1.20.9, minor point releases. These minor releases include 1 security fixes following the security policy : - cmd/go: line directives allows arbitrary execution during build "//line" directives

[go-nuts] [security] Go 1.21.2 and Go 1.20.9 pre-announcement

Hello gophers, We plan to issue Go 1.21.2 and Go 1.20.9 during US business hours on Thursday, October 5. These minor releases include PRIVATE security fixes to the toolchain, covering the following CVE: - CVE-2023-39323 Following our security policy, this is the pre-announcement of

[go-nuts] [security] Go 1.21.1 and Go 1.20.8 pre-announcement

Hello gophers, We plan to issue Go 1.21.1 and Go 1.20.8 during US business hours on Wednesday, September 6. These minor releases include PRIVATE security fixes to the standard library and the toolchain, covering the following CVEs: - CVE-2023-39318 - CVE-2023-39319 -

[go-nuts] Go 1.21.0 is released

Hello gophers, We have just released Go 1.21.0. To find out what has changed in Go 1.21, read the release notes: https://go.dev/doc/go1.21 You can download binary and source distributions from our download page: https://go.dev/dl/#go1.21.0 If you have Go installed already, an easy way to try

[go-nuts] Go 1.21 Release Candidate 4 is released

Hello gophers, We have just released go1.21rc4, a release candidate version of Go 1.21. It is cut from release-branch.go1.21 at the revision tagged go1.21rc4. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] [security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers, We have just released Go versions 1.20.7 and 1.19.12, minor point releases. These minor releases include 1 security fixes following the security policy : - crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA

[go-nuts] [security] Go 1.20.7 and Go 1.19.12 pre-announcement

Hello gophers, We plan to issue Go 1.20.7 and Go 1.19.12 during US business hours on Tuesday, August 1. These minor releases include PRIVATE security fixes to the standard library, covering the following CVE: - CVE-2023-29409 Following our security policy, this is the pre-announcement

[go-nuts] Go 1.21 Release Candidate 3 is released

Hello gophers, We have just released go1.21rc3, a release candidate version of Go 1.21. It is cut from release-branch.go1.21 at the revision tagged go1.21rc3. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] [security] Go 1.20.6 and Go 1.19.11 are released

Hello gophers, We have just released Go versions 1.20.6 and 1.19.11, minor point releases. These minor releases include 1 security fixes following the security policy : - net/http: insufficient sanitization of Host header The HTTP/1 client did not fully

[go-nuts] [security] Go 1.20.5 and Go 1.19.10 are released

Hello gophers, We have just released Go versions 1.20.5 and 1.19.10, minor point releases. These minor releases include 3 security fixes following the security policy : - cmd/go: cgo code injection The go command may generate unexpected code at build

[go-nuts] [security] Go 1.20.5 and Go 1.19.10 pre-announcement

Hello gophers, We plan to issue Go 1.20.5 and Go 1.19.10 during US business hours on Tuesday, June 6. These minor releases include PRIVATE security fixes to the standard library and the toolchain, covering the following CVEs: - CVE-2023-29402 - CVE-2023-29403 -

[go-nuts] [security] Go 1.20.4 and Go 1.19.9 are released

Hello gophers, We have just released Go versions 1.20.4 and 1.19.9, minor point releases. These minor releases include 3 security fixes following the security policy : - html/template: improper sanitization of CSS values Angle brackets (<>) were not

[go-nuts] [security] Go 1.20.4 and Go 1.19.9 pre-announcement

Hello gophers, We plan to issue Go 1.20.4 and Go 1.19.9 during US business hours on Tuesday, May 2. These minor releases include PRIVATE security fixes to the standard library, covering the following CVEs: - CVE-2023-24539 - CVE-2023-24540 - CVE-2023-29400 Following our

[go-nuts] [security] Go 1.20.3 and Go 1.19.8 pre-announcement

Hello gophers, We plan to issue Go 1.20.3 and Go 1.19.8 during US business hours on Tuesday, April 4. These minor releases include PRIVATE security fixes to the standard library, covering the following CVEs: - CVE-2023-24534 - CVE-2023-24536 - CVE-2023-24537 -

[go-nuts] [security] Go 1.20.2 and Go 1.19.7 are released

Hello gophers, We have just released Go versions 1.20.2 and 1.19.7, minor point releases. These minor releases include 1 security fixes following the security policy : - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results The

[go-nuts] [security] Go 1.20.1 and Go 1.19.6 are released

Hello gophers, We have just released Go versions 1.20.1 and 1.19.6, minor point releases. These minor releases include 4 security fixes following the security policy : - path/filepath: path traversal in filepath.Clean on Windows On Windows, the

[go-nuts] [security] Go 1.20.1 and Go 1.19.6 pre-announcement

Hello gophers, We plan to issue Go 1.20.1 and Go 1.19.6 during US business hours on Tuesday, February 14. These minor releases include PRIVATE security fixes to the standard library. Following our security policy, this is the pre-announcement of those releases. Thanks, The Go team -- You

[go-nuts] Go 1.20 Release Candidate 3 is released

Hello gophers, We have just released go1.20rc3, a release candidate version of Go 1.20. It is cut from release-branch.go1.20 at the revision tagged go1.20rc3. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] Go 1.19.5 and Go 1.18.10 are released

Hello gophers, We have just released Go versions 1.19.5 and 1.18.10, minor point releases. View the release notes for more information: https://go.dev/doc/devel/release#go1.19.5 You can download binary and source distributions from the Go website: https://go.dev/dl/ To compile from source

[go-nuts] Go 1.20 Release Candidate 2 is released

Hello gophers, We have just released go1.20rc2, a release candidate version of Go 1.20. It is cut from release-branch.go1.20 at the revision tagged go1.20rc2. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] Go 1.20 Release Candidate 1 is released

Hello gophers, We have just released go1.20rc1, a release candidate version of Go 1.20. It is cut from release-branch.go1.20 at the revision tagged go1.20rc1. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] [security] Go 1.19.4 and Go 1.18.9 are released

Hello gophers, We have just released Go versions 1.19.4 and 1.18.9, minor point releases. These minor releases include 2 security fixes following the security policy : - os, net/http: avoid escapes from os.DirFS and http.Dir on Windows The os.DirFS

[go-nuts] [security] Go 1.19.4 and Go 1.18.9 pre-announcement

Hello gophers, We plan to issue Go 1.19.4 and Go 1.18.9 during US business hours on Tuesday, December 6. These minor releases include PRIVATE security fixes to the standard library. Following our security policy, this is the pre-announcement of those releases. Thanks, Jenny and Cherry for the

[go-nuts] [security] Go 1.19.3 and Go 1.18.8 are released

Hello gophers, We have just released Go versions 1.19.3 and 1.18.8, minor point releases. These minor releases include 1 security fixes following the security policy : - syscall, os/exec: unsanitized NUL in environment variables On Windows,

[go-nuts] [security] Go 1.19.3 and Go 1.18.8 pre-announcement

Hello gophers, We plan to issue Go 1.19.3 and Go 1.18.8 on Tuesday, November 1. These minor releases include PRIVATE security fixes to the standard library. Following our security policy, this is the pre-announcement of those releases. Thanks, Tatiana and Heschi for the Go team -- You

[go-nuts] [security] Go 1.19.2 and Go 1.18.7 are released

Hello gophers, We have just released Go versions 1.19.2 and 1.18.7, minor point releases. These minor releases include 3 security fixes following the security policy : - archive/tar: unbounded memory consumption when reading headers Reader.Read did not

[go-nuts] [security] Go 1.19.2 and Go 1.18.7 pre-announcement

Hello gophers, We plan to issue Go 1.19.2 and Go 1.18.7 on Tuesday, October 4. These minor releases include PRIVATE security fixes to the standard library. Following our security policy, this is the pre-announcement of those releases. Thanks, The Go team -- You received this message because

[go-nuts] [security] Go 1.19.1 and Go 1.18.6 are released

Hello gophers, We have just released Go versions 1.19.1 and 1.18.6, minor point releases. These minor releases include 2 security fixes following the security policy : - net/http: handle server errors after sending GOAWAY A closing HTTP/2 server

[go-nuts] [security] Go 1.19.1 and Go 1.18.6 pre-announcement

Hello gophers, We plan to issue Go 1.19.1 and Go 1.18.6 on Tuesday, September 6. These minor releases include PRIVATE security fixes to the standard library. Following our security policy, this is the pre-announcement of those releases. Thanks, Damien for the Go team -- You received this

[go-nuts] Go 1.19 is released

Hello gophers, We have just released Go 1.19. To find out what has changed in Go 1.19, read the release notes: https://go.dev/doc/go1.19 You can download binary and source distributions from our download page: https://go.dev/dl/#go1.19 If you have Go installed already, an easy way to try

[go-nuts] [security] Go 1.18.5 and Go 1.17.13 are released

Hello gophers, We have just released Go versions 1.18.5 and 1.17.13, minor point releases. These minor releases include 1 security fixes following the security policy : - encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding

[go-nuts] Go 1.19 Release Candidate 2 is released

Hello gophers, We have just released go1.19rc2, a release candidate version of Go 1.19. It is cut from release-branch.go1.19 at the revision tagged go1.19rc2. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] [security] Go 1.18.4 and Go 1.17.12 are released

Hello gophers, We have just released Go versions 1.18.4 and 1.17.12, minor point releases. These minor releases include 9 security fixes following the security policy : - net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client

[go-nuts] Go 1.19 Release Candidate 1 is released

Hello gophers, We have just released go1.19rc1, a release candidate version of Go 1.19. It is cut from release-branch.go1.19 at the revision tagged go1.19rc1. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable.

[go-nuts] Go 1.19 Beta 1 is released

Hello gophers, We have just released go1.19beta1, a beta version of Go 1.19. It is cut from the master branch at the revision tagged go1.19beta1. Please try your production load tests and unit tests with the new version. Your help testing these pre-release versions is invaluable. Report any