Chapter 6. Changes in Go Toolset in Red Hat Developer Tools 2018.2
This chapter lists some notable changes in Go Toolset since its previous release.
6.1. Go
Go has been updated from version 1.8.3 to 1.8.7. This release also fixes the discovered security issues like CVE-2018-6574, CVE-2017-15041, and CVE-2017-15042.
Additionally, the following bugs have been fixed:
-
Previously, the enable script for the go-toolset-7 Software Collection incorrectly set the
GOPATHenvironment variable to a directory that required root permissions for write operations. As a consequence, thegocompiler terminated unexpectedly when performing certain commands. The enable script has been changed to handleGOPATHcorrectly, and the described problem no longer occurs. (BZ#1501760) -
Previously, the
go getcommand allowed Go code to specify plugin options of thegccandclangcompilers during the build. As a consequence, a remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. Go has been changed so that only safe options can be specified for the external compilers. As a result, it is no longer possible to achieve arbitrary command execution with thego getcommand. (BZ#1545319) -
Previously, the go-toolset-7-golang package did not specify git as its dependency. As a consequence, the
go getcommand failed in minimal environments withoutgitwhen a git repository was specified as the import source. The git package has been added as a dependency to go-toolset-7-golang and the problem no longer occurs. (BZ#1536154)
6.2. Container Image
Notable changes include:
- Source-to-Image (S2I) support has been added to the go-toolset-7-rhel7 container image. As a result, S2I can be used to build Go application containers. (BZ#1554455)
