Go 1.16.1 and Go 1.15.9 versions are released
Golang team at Google released Go 1.16.1 and Go 1.15.9 versions.
As part of this releases, Go Language team addressed few security issues reported recently.
Fixed security Issues
Skip methods of an
xml.Decoder provided by
xml.NewTokenDecoder may enter an infinite loop when operating on a custom
xml.TokenReader which returns an EOF in the middle of an open XML element.
Sam Whited reported this issue.
Here is the commit which will fix the above issue. https://github.com/golang/go/commit/d86e53e896eca907ad67300c0bb495e3dd925358
Reader.Open API in Go 1.16, will panic when used on a ZIP archive containing files that start with “../”.
Commit for the fix https://github.com/golang/go/commit/634d28d78ccbeb6e86f8bfeba030ea8be518f8fa
Update to Go 1.16.1 version
Use the below download link to update to Go 1.16.1 version
Update to Go 1.15.9 version
Use the below download link to update to Go 1.15.9 version
The above security issues will be addressed in Go 1.16.2 and Go 1.15.10 versions as well.
If you are not sure about which version to update then choose Go 1.16.1 version.