Chapter 6. Changes in Go Toolset in Red Hat Developer Tools 2018.2
This chapter lists some notable changes in Go Toolset since its previous release.
6.1. Go
Go has been updated from version 1.8.3 to 1.8.7. This release also fixes security issues, including CVE-2018-6574, CVE-2017-15041, and CVE-2017-15042.
Additionally, the following bugs have been fixed:
- Previously, the enable script for the go-toolset-7 Software Collection incorrectly set the GOPATH environment variable to a directory that required root permissions for write operations. As a consequence, the go compiler terminated unexpectedly when performing certain commands. The enable script has been changed to handle GOPATH correctly, and the described problem no longer occurs. (BZ#1501760)
- Previously, the go get command allowed Go code to specify plugin options of the gcc and clang compilers during the build. As a consequence, a remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. Go has been changed so that only safe options can be specified for the external compilers. As a result, it is no longer possible to achieve arbitrary command execution with the go get command. (BZ#1545319)
- Previously, the go-toolset-7-golang package did not specify git as its dependency. As a consequence, the go get command failed in minimal environments without git when a git repository was specified as the import source. The git package has been added as a dependency to go-toolset-7-golang and the problem no longer occurs. (BZ#1536154)
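Go source passes options to the external compilers through #cgo directives, so the "only safe options" rule described for the go get fix can be approximated when auditing vendored or fetched code. The following is an added example, not code from Go or Red Hat: the names AuditCgoFlags and Finding and the small allow-list pattern are assumptions of this example and do not reproduce the list shipped in the Go toolchain.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// cgoLine matches a "#cgo [constraints] VAR: flags" directive in a cgo preamble.
var cgoLine = regexp.MustCompile(`^\s*(?://)?\s*#cgo\s+(?:[^:]*\s)?(CFLAGS|CPPFLAGS|CXXFLAGS|FFLAGS|LDFLAGS):\s*(.*)$`)

// allowed is a deliberately small, illustrative allow-list (an assumption of
// this example; it is not the list shipped in the Go toolchain).
var allowed = regexp.MustCompile(`^(-[DUI].+|-O[0-3s]?|-g|-W[a-z][\w=-]*|-std=[\w+:]+|-l[\w.-]+|-L.+|-pthread|-f(no-)?(PIC|pic|PIE|pie))$`)

// Finding records one rejected compiler or linker flag.
type Finding struct{ Line int; Var, Flag string }

// AuditCgoFlags returns every #cgo flag in src that is not on the allow-list.
func AuditCgoFlags(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		m := cgoLine.FindStringSubmatch(line)
		if m == nil {
			continue // not a #cgo flag directive
		}
		for _, flag := range strings.Fields(m[2]) {
			if !allowed.MatchString(flag) {
				out = append(out, Finding{Line: i + 1, Var: m[1], Flag: flag})
			}
		}
	}
	return out
}

// sample is a constructed source file for this example.
const sample = `package demo

// #cgo CFLAGS: -O2 -DNDEBUG -I./include
// #cgo linux LDFLAGS: -lm -L./lib
// #cgo CFLAGS: -fplugin=./helper.so
import "C"
`

func main() {
	for _, f := range AuditCgoFlags(sample) {
		fmt.Printf("line %d: %s flag %q is not on the allow-list\n", f.Line, f.Var, f.Flag)
	}
}
```

Because the check is an allow-list rather than a block-list, linker pass-through forms such as -Wl,... are rejected as well unless they are added explicitly.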
6.2. Container Image
Notable changes include:
- Source-to-Image (S2I) support has been added to the go-toolset-7-rhel7 container image. As a result, S2I can be used to build Go application containers. (BZ#1554455)