Hello gophers, We have just released Go versions 1.20.6 and 1.19.11, minor point releases.
These minor releases include 1 security fixes following the security policy <https://go.dev/security>: - net/http: insufficient sanitization of Host header The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Thanks to Bartek Nowotarski for reporting this issue. Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374 View the release notes for more information: https://go.dev/doc/devel/release#go1.20.6 You can download binary and source distributions from the Go website: https://go.dev/dl/ To compile from source using a Git clone, update to the release with git checkout go1.20.6 and build as usual. Thanks to everyone who contributed to the releases. Cheers, Cherry and Joedian for the Go team -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/73knw3XbRbi9CHGjaDyW1g%40geopod-ismtpd-17.
