[go-nuts] Re: Go 1.9.3 is released

[lfernandez . dev]

Hi Go team,

It seems that the go1.9.3 tag is not on the good commit,, it's not possible 
to do `git checkout go1.9.3`.

- current go1.9.3 tag: 
https://github.com/golang/go/commit/26b65a4816384072b3abd0c76b969a7940fd4ea0
- current HEAD of the release-branch.go1.9: 
https://github.com/golang/go/commit/a563954b799c6921fc3666b4723d38413f442145


Le lundi 22 janvier 2018 22:32:02 UTC+1, Andrew Bonventre a écrit :
>
> Hi gophers, 
>
> We have just released Go version 1.9.3, a minor point release. 
>
> This release includes fixes to the compiler, runtime, and the 
> database/sql, 
> math/big, net/http, and net/url packages. 
>
> View the release notes for more information: 
>  https://golang.org/doc/devel/release.html#go1.9.minor 
>
> You can download binary and source distributions from the Go web site: 
>  https://golang.org/dl/ 
>
> To compile from source using a Git clone, update to the release with 
> "git checkout go1.9.3" and build as usual. 
>
> Thanks to everyone who contributed to the release. 
>
> The Go Team 
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[go-nuts] Re: [security] Go 1.13.1 and Go 1.12.10 are released

[lfernandez . dev]

Hi Go team,

It seems that the go1.12.10 and go1.13.1 tags are dangling/missing, it's 
not possible to do `git checkout go1.12.10` or `git checkout go1.13.1`

https://go.googlesource.com/go/+/refs/heads/release-branch.go1.12
https://github.com/golang/go/commits/release-branch.go1.12

https://go.googlesource.com/go/+/refs/heads/release-branch.go1.13
https://github.com/golang/go/commits/release-branch.go1.13

Le mercredi 25 septembre 2019 23:58:08 UTC+2, Filippo Valsorda a écrit :
>
> Hi gophers,
>
> We have just released Go 1.13.1 and Go 1.12.10 to address a recently 
> reported security issue. We recommend that all affected users update to one 
> of these releases (if you’re not sure which, choose Go 1.13.1).
>
> net/http (through net/textproto) used to accept and normalize invalid 
> HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. 
> If a Go server is used behind an uncommon reverse proxy that accepts and 
> forwards but doesn't normalize such invalid headers, the reverse proxy and 
> the server can interpret the headers differently. This can lead to filter 
> bypasses or request smuggling 
> , 
> the latter if requests from separate clients are multiplexed onto the same 
> upstream connection by the proxy. Such invalid headers are now rejected by 
> Go servers, and passed without normalization to Go client applications.
>
> The issue is CVE-2019-16276 and Go issue golang.org/issue/34540.
>
> Thanks to Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik 
> (masarik.sh) for discovering and reporting this issue.
>
> Downloads are available at https://golang.org/dl for all supported 
> platforms.
>
> Alla prossima,
> Filippo on behalf of the Go team
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/f9166ed9-2a63-40de-8daa-47dc0b52aea7%40googlegroups.com.

[go-nuts] Re: [security] Go 1.13.1 and Go 1.12.10 are released

[lfernandez . dev]

Hi Go team,

It seems that the go1.12.10 and go1.13.1 tags are dangling/missing, it's 
not possible to do `git checkout go1.12.10` or `git checkout go1.13.1`

https://go.googlesource.com/go/+/refs/heads/release-branch.go1.12
https://github.com/golang/go/commits/release-branch.go1.12

https://go.googlesource.com/go/+/refs/heads/release-branch.go1.13
https://github.com/golang/go/commits/release-branch.go1.13

Le mercredi 25 septembre 2019 23:58:08 UTC+2, Filippo Valsorda a écrit :
>
> Hi gophers,
>
> We have just released Go 1.13.1 and Go 1.12.10 to address a recently 
> reported security issue. We recommend that all affected users update to one 
> of these releases (if you’re not sure which, choose Go 1.13.1).
>
> net/http (through net/textproto) used to accept and normalize invalid 
> HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. 
> If a Go server is used behind an uncommon reverse proxy that accepts and 
> forwards but doesn't normalize such invalid headers, the reverse proxy and 
> the server can interpret the headers differently. This can lead to filter 
> bypasses or request smuggling 
> , 
> the latter if requests from separate clients are multiplexed onto the same 
> upstream connection by the proxy. Such invalid headers are now rejected by 
> Go servers, and passed without normalization to Go client applications.
>
> The issue is CVE-2019-16276 and Go issue golang.org/issue/34540.
>
> Thanks to Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik 
> (masarik.sh) for discovering and reporting this issue.
>
> Downloads are available at https://golang.org/dl for all supported 
> platforms.
>
> Alla prossima,
> Filippo on behalf of the Go team
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/fcb080de-798e-40f0-8e68-7b97774832cd%40googlegroups.com.