[security] Go 1.19.3 and Go 1.18.8 pre-announcement

[anno...@golang.org]

Hello gophers,

We plan to issue Go 1.19.3 and Go 1.18.8 on Tuesday, November 1.

These minor releases include PRIVATE security fixes to the standard library.

Following our security policy, this is the pre-announcement of those releases.

Thanks,
Tatiana and Heschi for the Go team

[Russ Cox]

To answer a question we've been asked a few times:

For the record, the Go security fixes being released tomorrow 

are unrelated to the OpenSSL CRITICAL security patch release 

that is by an unlucky coincidence also happening tomorrow.

The Go team does not classify the severity of the security fixes

we issue, because severity is inherently context-dependent.

That said, the worst case exposure from what we're fixing

tomorrow is not something that OpenSSL would rate as CRITICAL.

So if you need to prioritize, probably deal with OpenSSL's first.

Happy Halloween!

Best,

Russ