Go 1.15.7 and Go 1.14.14 versions are released

Go language team at Google released Go 1.15.7 and Go 1.14.14 versions to address few security issues recently reported.

All users are recommend to update to one of these Go language releases.

If you are not sure which version to update choose Go 1.15.7.

The issues fixed as part of these releases.

  1. cmd/go: packages using cgo can cause arbitrary code execution at build time
  2. crypto/elliptic: incorrect operations on the P-224 curve

The security issue in cmd/go package has been reported by RyotaK

For more details on the cmd/go change and to help deciding whether your own programs might have similar issues, see the blog post at https://blog.golang.org/path-security.

And the second security issue in crypto/elliptic was found by the elliptic-curve-differential-fuzzer project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).

Update to Go 1.15.7 version

Use the below download link to update to Go 1.15.7 version