Go 1.11.5 & 1.10.8 to be Rolled Out

Let's figure out what exactly was fixed and if the improvements are really valuable
24 January 2019   447

Corrective issues of the Go 1.11.5 and 1.10.8 programming language are published, in which the vulnerability in the crypto module is fixed. The problem is caused by a flaw in the implementation of elliptic curves, which can be used to trigger a denial of service (creating a heavy load on the CPU). The potential use of the problem to create attacks that recreate the ECDH private key is not excluded if it is reused more than once.

The vulnerability can be exploited in applications that process incoming X.509 certificates, ECDSA digital signatures and JWT tokens. The attack can also be made when processing client-based or server applications of protocols based on ECDH and TLS connections (using the TLS implementation of the Go language). In distributions, the problem still remains uncorrected (Debian, RHEL / EPEL, Fedora, SUSE, Ubuntu, FreeBSD)

Go 1.12 to be Available

Great news for all Go enthuisiast and developers; let's check what's new
28 February 2019   430

Go 1.12 programming language released, which is being developed by Google with the participation of the community as a hybrid solution combining high performance of compiled languages with such advantages of scripting languages as ease of writing code, speed of development and protection from errors. The project code is distributed under the BSD license.

These are main updates:

  • Native TLS 1.3 support. It is not enabled by default, it is necessary to set the option tls13=1 in the environment variable GODEBUG (package crypto / tls).
  • Improved module system support. Developers are preparing to include it by default in version 1.13.
  • Windows support on ARM architecture systems. For example, Go can now be used with Windows 10 IoT Core on Raspberry Pi 3 boards.
  • Improved compatibility with upcoming versions of macOS and iOS. The layer for making specific system calls is the libSystem library.

Get more information at official documents.

Starting with Go 1.13, support for macOS 10.10 "Yosemite" will be discontinued, as the minimum supported version of macOS will be 10.11 "El Capitan". The next release also plans to end support for the FreeBSD 10.x branch.