We have just released Go versions 1.18.5 and 1.17.13, minor point releases.
These minor releases include 1 security fixes following the security policy:
encoding/gob & math/big: decoding big.Float and big.Rat can panic
Decoding big.Float and big.Rat types can panic if the encoded message is too short.
This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.
View the release notes for more information:
You can download binary and source distributions from the Go website:
To compile from source using a Git clone, update to the release with
git checkout go1.18.5 and build as usual.
Thanks to everyone who contributed to the releases.
Dmitri, Cherry, and Heschi for the Go team