Groups
Groups
Sign in
Groups
Groups
golang-announce
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–14 of 14
anno...@golang.org
Apr 7
[security] Go 1.26.2 and Go 1.25.9 are released
you to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2026-27140 and Go issue https://go.dev/issue/78335. - crypto/x509: unexpected work during chain building
unread,
[security] Go 1.26.2 and Go 1.25.9 are released
you to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2026-27140 and Go issue https://go.dev/issue/78335. - crypto/x509: unexpected work during chain building
Apr 7
Roland Shoemaker
3/4/25
Vulnerability in golang.org/x/net
match and not be proxied. Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22870 and Go issue https://go.dev/issue/71984. Cheers, Go Security team
unread,
Vulnerability in golang.org/x/net
match and not be proxied. Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22870 and Go issue https://go.dev/issue/71984. Cheers, Go Security team
3/4/25
anno...@golang.org
3/4/25
[security] Go 1.24.1 and Go 1.23.7 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22870 and Go issue https://go.dev/issue/71984. View the release notes for more information: https
unread,
[security] Go 1.24.1 and Go 1.23.7 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22870 and Go issue https://go.dev/issue/71984. View the release notes for more information: https
3/4/25
Cherry Mui
2/5/25
[security] Go 1.24 Release Candidate 3 is released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22867 and Go issue https://go.dev/issue/71476. - crypto/elliptic: timing sidechannel for P-256
unread,
[security] Go 1.24 Release Candidate 3 is released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2025-22867 and Go issue https://go.dev/issue/71476. - crypto/elliptic: timing sidechannel for P-256
2/5/25
Michael Knyszek
1/16/25
[security] Go 1.24 Release Candidate 2 is released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after
unread,
[security] Go 1.24 Release Candidate 2 is released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after
1/16/25
anno...@golang.org
1/16/25
[security] Go 1.23.5 and Go 1.22.11 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after
unread,
[security] Go 1.23.5 and Go 1.22.11 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after
1/16/25
Cherry Mui
5/7/24
[security] Go 1.22.3 and Go 1.21.10 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-24787 and Go issue https://go.dev/issue/67119. - net: malformed DNS message can cause infinite loop
unread,
[security] Go 1.22.3 and Go 1.21.10 are released
Thanks to
Juho
Forsén of Mattermost for reporting this issue. This is CVE-2024-24787 and Go issue https://go.dev/issue/67119. - net: malformed DNS message can cause infinite loop
5/7/24
anno...@golang.org
3/5/24
[security] Go 1.22.1 and Go 1.21.8 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-45289 and Go issue https://go.dev/issue/65065. - html/template: errors returned from MarshalJSON
unread,
[security] Go 1.22.1 and Go 1.21.8 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-45289 and Go issue https://go.dev/issue/65065. - html/template: errors returned from MarshalJSON
3/5/24
Cherry Mui
9/6/23
[security] Go 1.21.1 and Go 1.20.8 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-39320 and Go issue https://go.dev/issue/62198. - html/template: improper handling of HTML-like
unread,
[security] Go 1.21.1 and Go 1.20.8 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-39320 and Go issue https://go.dev/issue/62198. - html/template: improper handling of HTML-like
9/6/23
anno...@golang.org
,
Ian Lance Taylor
2
6/6/23
[security] Go 1.20.5 and Go 1.19.10 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-29402 and Go issue https://go.dev/issue/60167. - runtime: unexpected behavior of setuid/setgid
unread,
[security] Go 1.20.5 and Go 1.19.10 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-29402 and Go issue https://go.dev/issue/60167. - runtime: unexpected behavior of setuid/setgid
6/6/23
anno...@golang.org
5/2/23
[security] Go 1.20.4 and Go 1.19.9 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-24539 and Go issue https://go.dev/issue/59720. - html/template: improper handling of JavaScript
unread,
[security] Go 1.20.4 and Go 1.19.9 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this issue. This is CVE-2023-24539 and Go issue https://go.dev/issue/59720. - html/template: improper handling of JavaScript
5/2/23
anno...@golang.org
7/12/22
[security] Go 1.18.4 and Go 1.17.12 are released
reported by
Juho
Nurminen of Mattermost. This is CVE-2022-28131 and Go issue https://go.dev/issue/53614. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder
unread,
[security] Go 1.18.4 and Go 1.17.12 are released
reported by
Juho
Nurminen of Mattermost. This is CVE-2022-28131 and Go issue https://go.dev/issue/53614. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder
7/12/22
Dmitri Shuralyov
4/12/22
[security] Go 1.18.1 and Go 1.17.9 are released
Thanks to
Juho
Nurminen of Mattermost who reported the error. This is CVE-2022-24675 and https://go.dev/issue/51853. - crypto/elliptic: tolerate all oversized scalars in generic
unread,
[security] Go 1.18.1 and Go 1.17.9 are released
Thanks to
Juho
Nurminen of Mattermost who reported the error. This is CVE-2022-24675 and https://go.dev/issue/51853. - crypto/elliptic: tolerate all oversized scalars in generic
4/12/22
Carlos Amedee
3/3/22
[security] Go 1.17.8 and Go 1.16.15 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this. This is CVE-2022-24921 and https://go.dev/issue/51112. View the release notes for more information: https://go.dev
unread,
[security] Go 1.17.8 and Go 1.16.15 are released
Thanks to
Juho
Nurminen of Mattermost for reporting this. This is CVE-2022-24921 and https://go.dev/issue/51112. View the release notes for more information: https://go.dev
3/3/22