The Go team at Google has released Go 1.16.1 and Go 1.15.9.
As part of these releases, the Go team addressed a few recently reported security issues.
Fixed security issues
Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.
Sam Whited reported this issue.
Here is the commit that fixes the above issue.
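A defence-in-depth wrapper for the custom xml.TokenReader case described above, as an added example that is not code from the Go project or from this post: strictReader reports io.ErrUnexpectedEOF when the token stream ends inside an open element, so a caller of Skip sees an explicit error for truncated input. The names rawReader, strictReader and skipFirstElement are hypothetical, and the input strings are constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// rawReader is a hypothetical custom xml.TokenReader. It forwards RawToken,
// which does not check nesting, so truncated input ends in a plain io.EOF.
type rawReader struct{ d *xml.Decoder }

func (r rawReader) Token() (xml.Token, error) { return r.d.RawToken() }

// strictReader (hypothetical) wraps any TokenReader and turns an EOF that
// arrives while elements are still open into io.ErrUnexpectedEOF.
type strictReader struct {
	inner xml.TokenReader
	depth int
}

func (s *strictReader) Token() (xml.Token, error) {
	tok, err := s.inner.Token()
	switch tok.(type) {
	case xml.StartElement:
		s.depth++
	case xml.EndElement:
		s.depth--
	}
	if tok == nil && err == io.EOF && s.depth > 0 {
		return nil, io.ErrUnexpectedEOF
	}
	return tok, err
}

// skipFirstElement reads the opening tag of doc, then skips to its end tag.
func skipFirstElement(doc string) error {
	src := rawReader{xml.NewDecoder(strings.NewReader(doc))}
	d := xml.NewTokenDecoder(&strictReader{inner: src})
	if _, err := d.Token(); err != nil {
		return err
	}
	return d.Skip()
}

func main() {
	fmt.Println(skipFirstElement("<a><b>x</b></a>"), skipFirstElement("<a><b>"))
}
```

The wrapper is an extra check for services that accept token streams from untrusted sources; it does not replace updating to a fixed Go release.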
The Reader.Open API in Go 1.16 will panic when used on a ZIP archive containing files that start with "../".
Update to Go 1.16.1
Use the download link below to update to Go 1.16.1.
Update to Go 1.15.9
Use the download link below to update to Go 1.15.9.
The above security issues will be addressed in Go 1.16.2 and Go 1.15.10 versions as well.
If you are not sure which version to update to, choose Go 1.16.1.