We have just released Go versions 1.16.7 and 1.15.15, minor point releases.
These minor releases include a security fix according to the new security
A net/http/httputil ReverseProxy can panic due to a race condition if its
Handler aborts with ErrAbortHandler, for example due to an error in copying the
response body. An attacker might be able to force the conditions leading to the
This is issue https://golang.org/issue/46866
and CVE-2021-36221. Thanks to
Andrew Crump (VMware) for reporting this issue.
View the release notes for more information:
You can download binary and source distributions from the Go web site:
To compile from source using a Git clone, update to the release with
"git checkout go1.16.7" and build as usual.
Thanks to everyone who contributed to the releases.
David, Carlos, and Alex for the Go team