首页 文章详情

Go 1.17.7 发布

Go语言精选 | 322 2022-02-17 02:48 0 0 0
UniSMS (合一短信)
点击上方蓝色“Go语言中文网”关注,每天一起学 Go

大家好,我是站长 polarisxu。

昨天,Go 发布了 1.17.7 和 1.16.14,这依然是两个小版本,主要是安全更新。


  • crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

    Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values. Thanks to Guido Vranken for reporting this. This is CVE-2022-23806 and


  • math/big: prevent large memory consumption in Rat.SetString

    An attacker can cause unbounded memory growth in a program using (*Rat).SetString due to an unhandled overflow. Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke (@odeke_et) for reporting it. This is CVE-2022-23772 and Go issue https://go.dev/issue/50699.

  • cmd/go: prevent branches from materializing into versions

    A branch whose name resembles a version tag (such as "v1.0.0" or "subdir/v2.0.0-dev") can be considered a valid version by the go command. Materializing versions from branches might be unexpected and bypass ACLs that limit the creation of tags but not branches.

    This is CVE-2022-23773 and Go issue https://go.dev/issue/35671.



Go 语言中文网也已经准备好这两个版本的安装包了,下载地址:https://studygolang.com/dl。


官方一直维护最近的两个主要版本,因为 Go1.18 还没有正式发布,因此最近的两个主要版本是:Go1.17.x 和 Go1.16.x。



我为大家整理了一份从入门到进阶的Go学习资料礼包,包含学习建议:入门看什么,进阶看什么。关注公众号 「polarisxu」,回复 ebook 获取;还可以回复「进群」,和数万 Gopher 交流学习。

good-icon 0
favorite-icon 0
回复数量: 0