[security] Go 1.19.3 and Go 1.18.8 pre-announcement

6,163 views
Skip to first unread message

anno...@golang.org

unread,
Oct 26, 2022, 12:25:43 PM10/26/22
to golan...@googlegroups.com

Hello gophers,

We plan to issue Go 1.19.3 and Go 1.18.8 on Tuesday, November 1.

These minor releases include PRIVATE security fixes to the standard library.

Following our security policy, this is the pre-announcement of those releases.

Thanks,
Tatiana and Heschi for the Go team

Russ Cox

unread,
Oct 31, 2022, 10:54:29 AM10/31/22
to golang-announce
To answer a question we've been asked a few times:

For the record, the Go security fixes being released tomorrow 
are unrelated to the OpenSSL CRITICAL security patch release 
that is by an unlucky coincidence also happening tomorrow.

The Go team does not classify the severity of the security fixes
we issue, because severity is inherently context-dependent.
That said, the worst case exposure from what we're fixing
tomorrow is not something that OpenSSL would rate as CRITICAL.
So if you need to prioritize, probably deal with OpenSSL's first.

Happy Halloween!

Best,
Russ
Reply all
Reply to author
Forward
0 new messages