Re: [go-nuts] Connectivity breakage from removal of TLS RSA KEX from default encryption suite

I should also note that for programs built using the go.mod "go" directive, with a version set to a pre-1.22 value, due to GODEBUG semantics the default behavior will not have changed, since it will be automatically set to the value that enables the old behavior. On Tuesday, August 27, 2024 at 1

Re: [go-nuts] Connectivity breakage from removal of TLS RSA KEX from default encryption suite

I agree that in this case the release note we provided was likely not informative enough. We try to walk the line of providing useful yet concise notes about changes, but in this particular case we did not provide enough detail specifically about how this change may cause breakage. In general t

[go-nuts] Re: [golang-dev] [security] Go 1.20.1 and Go 1.19.6 are released

Hey all, When writing the release note for the net/http and mime/multipart security fix (CVE-2022-41725), we mixed up two earlier reports about a similar issue and credited the incorrect reporter. The credit should go to Arpad Ryszka and Jakob Ackermann. We apologize for this mixup, and want to s

[go-nuts] [security] Go 1.17.2 and Go 1.16.9 pre-announcement

Hello gophers, We plan to issue Go 1.17.2 and Go 1.16.9 on Thursday, October 7. These are minor releases that include security fixes to the standard library. Following our new security policy , this is the pre-announcement of those releases. Thanks, Roland on beha