Bug!Go 1.3.2 请勿在Windows平台使用!

Go 1.3.2 新发布的Go 1.3.2 团队宣称请不要在 Windows平台中使用 Go 1.3.2 版本,Windows 用户请继续使用 Go 1.3.1 版本,Go 团队将会尽快推出 Go 1.3.3 版本,预计几天后发布!其他平台没有影响

go

Hi gophers,

We’ve just released Go version 1.3.2, a minor point release.

This release includes bug fixes to cgo and the crypto/tls package.
https://golang.org/doc/devel/release.html#go1.3.minor

The crpyto/tls fix addresses a security bug that affects programs that use crypto/tls to implement a TLS server from Go 1.1 onwards. If the server enables TLS client authentication using certificates (this is rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config, then a malicious client can falsely assert ownership of any client certificate it wishes. This issue was discovered internally and there is no evidence of exploitation.

You can download binary and source distributions from the Go web site:
https://golang.org/dl/

To compile from source using a Mercurial checkout, update to the release with “hg update release” and build as usual.

Thanks to everyone who contributed to the release.

Andrew

转载请注明来源:新一 » Bug!Go 1.3.2 请勿在Windows平台使用!

赞 (1) 评论 (0) 分享 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址