Not sure if this is a real issue but I noticed it with rc1 also. Raised a github request here: https://github.com/golang/go/issues/16409
I'm unable to install it on a Mac from .pkg file into any dir except /usr/local/go. On Monday, 18 July 2016 22:29:54 UTC+5:30, Chris Broadfoot wrote: > > A security-related issue was recently reported in Go's net/http/cgi > package and net/http package when used in a CGI environment. Go 1.6.3 and > Go 1.7rc2 will contain a fix for this issue. > > Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation > flaw in the CGI components resulting in the HTTP_PROXY environment variable > being set by the incoming Proxy header. This environment variable was also > used to set the outgoing proxy, enabling an attacker to insert a proxy into > outgoing requests of a CGI program. > This is CVE-2016-5386 and was addressed by this change: > https://golang.org/cl/25010, tracked in this issue: > https://golang.org/issue/16405 > > The Go team would like to thank Dominic Scheirlinck for coordinating > disclosure of this issue across multiple languages and CGI environments. > Read more about "httpoxy" here: https://httpoxy.org/ > > Go 1.6.3 also adds support for macOS Sierra. See > https://golang.org/issue/16354 for details. > > Downloads are available at https://golang.org/dl for all supported > platforms. > > Cheers, > Chris (on behalf of the Go team) > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
