Hello gophers, Due to an issue with the release tooling (https://golang.org/issue/29906), go1.11.5.linux-amd64.tar.gz and go1.10.8.linux-amd64.tar.gz include two unnecessary directories in the root of the archive: "gocache" and "tmp".
They are harmless and safe to remove. The following commands can be used to extract only the necessary “go” directory from the archives: tar -C /usr/local -xzf go1.11.5.linux-amd64.tar.gz go tar -C /usr/local -xzf go1.10.8.linux-amd64.tar.gz go These commands will create a Go tree in /usr/local/go. Sorry for the inconvenience, Julie (on behalf of the Go team) On Wed, Jan 23, 2019 at 4:53 PM Julie Qiu <ju...@golang.org> wrote: > Hi gophers, > > We have just released Go 1.11.5 and Go 1.10.8 to address a recently > reported security issue. We recommend that all users update to one of these > releases (if you’re not sure which, choose Go 1.11.5). > > This DoS vulnerability in the crypto/elliptic implementations of the P-521 > and P-384 elliptic curves may let an attacker craft inputs that consume > excessive amounts of CPU. > > These inputs might be delivered via TLS handshakes, X.509 certificates, > JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH > private key is reused more than once, the attack can also lead to key > recovery. > > The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the > Go issue for more details. > > Downloads are available at https://golang.org/dl for all supported > platforms. > > Cheers, > > Julie (on behalf of the Go team) > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
