- go1.24.2 (released 2025-04-01) includes security fixes to the
net/http package, as well as bug fixes to the compiler, the
runtime, the go command, and the crypto/tls, go/types, net/http,
and testing packages.
Refs boo#1236217 go1.24 release tracking
CVE-2025-22871
* go#72011 go#71988 boo#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding
* go#72067 cmd/compile: out of memory
* go#72103 net/http: go1.24 breaks compatibility by modifying in-place the tls.Config{NextProtos}
* go#72115 runtime: process hangs for mips hardware
* go#72796 runtime: add an example for AddCleanup
* go#72822 cmd/compile: OOM with mutually-recursive iter.Seq
* go#72823 crypto/tls: FIPS 140-3 modes reject ECDSA w/ curve P-521/SHA-512 in TLS
* go#72826 go/types, types2: CheckExpr / Eval may mutate type checked objects (=> data race)
* go#72872 runtime: cgo callback on extra M treated as external code after nested cgo callback returns
* go#72934 testing: b.StopTimer breaks b.Loop
* go#72938 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22
* go#72974 testing: b.Loop gives bogus results in some situations
- Packaging improvements:
* SLE-12 only: Add declarations to Cgo seccomp_linux.go
for new syscalls seccomp and getrandom which are not present
in the kernel headers supplied by glibc version in SLE-12.
(Marcus Meissner)
Refs boo#1239182
net/http package, as well as bug fixes to cgo, the compiler, the
go command, and the reflect, runtime, and syscall packages.
OBS-URL: https://build.opensuse.org/request/show/1266333
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.24?expand=0&rev=12
