[security] Go 1.7.6 and Go 1.8.2 are released

unread,

May 23, 2017, 3:28:01 PM5/23/17

to golang-nuts

A security-related issue was recently reported in Go's crypto/elliptic package.

To address this issue, we have just released Go 1.7.6 and Go 1.8.2.

The Go team would like to thank Vlad Krasnov and Filippo Valsorda at Cloudflare for reporting the issue and providing a fix.

The issue affects Go's P-256 implementation on the 64-bit x86 architecture.

This is CVE-2017-8932 and was addressed by this change: https://golang.org/cl/41070, tracked in this issue: https://golang.org/issue/20040

Downloads are available at https://golang.org/dl for all supported platforms.

We will be releasing Go 1.8.3 later today, which will additionally include some non-security fixes.

Cheers,

Chris (on behalf of the Go team)

unread,

May 23, 2017, 10:58:43 PM5/23/17

to golang-nuts

Is there some kind of a mailing list (for Go releases only), so that we can be notified of new releases via email?

unread,

May 23, 2017, 11:02:18 PM5/23/17

to golang-nuts

unread,

May 23, 2017, 11:15:25 PM5/23/17

to golang-nuts

That's it. Thanks.

unread,

May 24, 2017, 1:42:11 AM5/24/17

to golang-nuts

I updated my Go Release Timeline with these updates:

Reply all

Reply to author

Forward