Got it, thanks. On Wed, Jan 23, 2019 at 6:41 PM Julie Qiu <ju...@golang.org> wrote: > > We will not be updating the archives for this release. The reason is because > these directories do not affect functionality, and we do not want to risk the > availability of the security release, nor we want to change the contents of > already published archives. > > Julie > > On Wed, Jan 23, 2019 at 8:00 PM andrey mirtchovski <mirtchov...@gmail.com> > wrote: >> >> sorry to be a bother, but are you publishing new archives? will you >> publish new hashes for the archives with the commands executed thusly? >> >> On Wed, Jan 23, 2019 at 5:12 PM Julie Qiu <ju...@golang.org> wrote: >> > >> > Hello gophers, >> > >> > Due to an issue with the release tooling (https://golang.org/issue/29906), >> > go1.11.5.linux-amd64.tar.gz and go1.10.8.linux-amd64.tar.gz include two >> > unnecessary directories in the root of the archive: "gocache" and "tmp". >> > >> > They are harmless and safe to remove. >> > >> > The following commands can be used to extract only the necessary “go” >> > directory from the archives: >> > >> > tar -C /usr/local -xzf go1.11.5.linux-amd64.tar.gz go >> > tar -C /usr/local -xzf go1.10.8.linux-amd64.tar.gz go >> > >> > >> > These commands will create a Go tree in /usr/local/go. >> > >> > Sorry for the inconvenience, >> > Julie (on behalf of the Go team) >> > >> > On Wed, Jan 23, 2019 at 4:53 PM Julie Qiu <ju...@golang.org> wrote: >> >> >> >> Hi gophers, >> >> >> >> We have just released Go 1.11.5 and Go 1.10.8 to address a recently >> >> reported security issue. We recommend that all users update to one of >> >> these releases (if you’re not sure which, choose Go 1.11.5). >> >> >> >> This DoS vulnerability in the crypto/elliptic implementations of the >> >> P-521 and P-384 elliptic curves may let an attacker craft inputs that >> >> consume excessive amounts of CPU. >> >> >> >> These inputs might be delivered via TLS handshakes, X.509 certificates, >> >> JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH >> >> private key is reused more than once, the attack can also lead to key >> >> recovery. >> >> >> >> The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the >> >> Go issue for more details. >> >> >> >> Downloads are available at https://golang.org/dl for all supported >> >> platforms. >> >> >> >> Cheers, >> >> >> >> Julie (on behalf of the Go team) >> > >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "golang-dev" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> > email to golang-dev+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout.
-- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
