I updated my release related resources with these releases: - When Should You Upgrade Go? <https://pocketgophers.com/when-should-you-upgrade-go/> - Go Release Timeline <https://pocketgophers.com/go-release-timeline/> Nathan
On Wednesday, February 7, 2018 at 1:15:13 PM UTC-7, Andrew Bonventre wrote: > > Hi gophers, > > We have just released Go 1.8.7, Go 1.9.4, and Go 1.10rc2, to address a > recently-reported security issue. We recommend that all users update to one > of these releases (if you’re not sure which, choose Go 1.9.4). > > By using the clang or gcc plugin mechanism, it was possible for an > attacker to trick the “go get” command into executing arbitrary code. The > go command now restricts the set of allowed host compiler and linker > arguments in cgo source files to a list of allowed flags, in particular > disallowing -fplugin= and -plugin=. > > The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the > Go issue for details. > > Thanks to Christopher Brown of Mattermost for reporting this problem. > > Downloads are available at https://golang.org/dl for all supported > platforms. > > Cheers, > Andy (on behalf of the Go team) > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
