Sitemap

Sign in

Medium Logo
Write

Sign in

Go 1.24.4 and 1.23.10 bring important security fixes

ASAcrew Blog
Jun 5, 2025

The Go team has released versions 1.24.4 and 1.23.10, both addressing critical security issues:

  • net/http: Sensitive proxy headers were not cleared on cross-origin redirects (CVE-2025–4673)
  • os: Inconsistent handling of O_CREATE|O_EXCL with symlinks on Unix vs. Windows (CVE-2025–0913)
  • crypto/x509: Using ExtKeyUsageAny unintentionally disabled policy validation (CVE-2025–22874)

If you’re maintaining Go-based applications, it’s highly recommended to upgrade.

📄 Full release notes

Go
Golang
Security

--

--

ASAcrew Blog
ASAcrew Blog

Written by ASAcrew Blog

0 followers
2 following

From websites to complex IT projects, we share a passion for crafting innovative, state-of-the-art digital products with creativity and precision.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech