oss-sec mailing list archives

Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes


From: Matthias Ferdinand <ml.oss-security () mfedv net>
Date: Fri, 17 Apr 2026 12:30:04 +0200

On Fri, Apr 10, 2026 at 04:58:03AM +0200, Solar Designer wrote:
On Wed, Apr 08, 2026 at 04:24:34PM -0700, Alan Coopersmith wrote:
https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU announces:
We have just released Go versions 1.26.2 and 1.25.9, minor point releases.

These releases include 10 security fixes following the security policy:

This includes 2 issues in the compiler itself, which made some Go
programs not memory safe:
  ...


I did not see any Linux distribution advisories for compiled Go programs
yet, but some projects using Go have released updates:

  - https://rclone.org/changelog/#v1-73-4-2026-04-08
        Update to go 1.25.9 to fix multiple CVEs

  - https://github.com/grafana/grafana/releases/tag/v12.4.3
        2026-04-14: Go: Update to 1.25.9

I looked at https://github.com/gopasspw/gopass and
https://github.com/restic/restic, but they have not yet issued updated
releases.

Perhaps the message did not spread wide enough. Or are many Go programs
just not affected?


Matthias

