Chapter 6. Changes in Go Toolset in Red Hat Developer Tools 2018.2

download PDF

This chapter lists some notable changes in Go Toolset since its previous release.

6.1. Go

Go has been updated from version 1.8.3 to 1.8.7. This release also fixes the discovered security issues like CVE-2018-6574, CVE-2017-15041, and CVE-2017-15042.

Additionally, the following bugs have been fixed:

  • Previously, the enable script for the go-toolset-7 Software Collection incorrectly set the GOPATH environment variable to a directory that required root permissions for write operations. As a consequence, the go compiler terminated unexpectedly when performing certain commands. The enable script has been changed to handle GOPATH correctly, and the described problem no longer occurs. (BZ#1501760)
  • Previously, the go get command allowed Go code to specify plugin options of the gcc and clang compilers during the build. As a consequence, a remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. Go has been changed so that only safe options can be specified for the external compilers. As a result, it is no longer possible to achieve arbitrary command execution with the go get command. (BZ#1545319)
  • Previously, the go-toolset-7-golang package did not specify git as its dependency. As a consequence, the go get command failed in minimal environments without git when a git repository was specified as the import source. The git package has been added as a dependency to go-toolset-7-golang and the problem no longer occurs. (BZ#1536154)

6.2. Container Image

Notable changes include:

  • Source-to-Image (S2I) support has been added to the go-toolset-7-rhel7 container image. As a result, S2I can be used to build Go application containers. (BZ#1554455)
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.