Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what are the changes in the version of go". In the daily operation, I believe many people have doubts about the changes in the version of go. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts about "what are the changes in the version of go?" Next, please follow the editor to study!

Go version changes search method

Https://github.com/golang/go/issues?q=milestone%3AGo1.13.5+label%3ACherryPickApproved

Search bar: milestone:Go1.13.5 label:CherryPickApproved

Go1.13.6

Go1.13.6 (released on 2020-01-09) includes fixes to the runtime and net/http packages. For more information, see the Go 1.13.6 milestone on our issue tracker.

Net / http: quickly write t.ProxyConnectHeader [1.13 backport] CherryPickApproved in DialConn when the proxy URL includes authentication credentials

Run time: clear the message CherryPickApproved for the increase in allocation count crash on arm64 [1.13 backport]

Doc: version history page contains suboptimal links [1.13 backward migration] CherryPickApproved documents

When running in a Windows docker container, the runtime: "critical error: PowerRegisterSuspendResumeNotification failed" [1.13 backport] CherryPickApproved

Go1.13.5

Go1.13.5 (released in 2019-12-04) includes fixes for go commands, runtime, linker, and net/http packages. For more information, see the Go 1.13.5 milestone on our issue tracker.

Net / http:Server.ConnContext accidentally modified the context of all connections [1.13 backport]

All: ensure that the Go tool chain meets the notarization requirements of Apple [1.13 backport] CherryPickApproved

Cmd / go: "critical error: concurrent mapping writing" occurred while executing go get [1.13 backport] CherryPickApproved release blocker

Run time: if there is more than one text part, the textOff function returns the wrong value [1.13 backport]

Cmd / link: zero pointer dereferencing crash when building using the Android NDK toolchain [1.13 backport]

Two small versions of Go1.13.4 and 1.12.13 are released

Https://studygolang.com/topics/10355

Go 1.13.4 includes fixes for net/http and syscall packages.

Both versions solve a problem on macOS 10.15 Catalina: unnotarized installers and binaries rejected by Gatekeeper.

Check the release notes for more information:

Https://golang.org/doc/devel/release.html#go1.13.minor

Small versions of Go1.13.3 and Go1.12.12 released

Https://studygolang.com/topics/10268

To address recently reported security issues.

An invalid DSA public key may cause dsa.Verify to fail. In particular, using crypto/x509.Verify on a well-crafted X.509 certificate chain can result in panic, even if the certificate is not linked to a trusted root. The chain can be delivered to the client over a crypto/tls connection, or a server that accepts and validates the client certificate. The net/http client crashes through the HTTPS server, while the net/http server that accepts the client certificate restores the panic and is not affected.

In addition, applications that call crypto/x509. (* CertificateRequest) CheckSignature may crash during X.509 certificate requests, parsing golang.org/x/crypto/openpgp entities, or golang.org/x/crypto/otr conversations. Finally, the golang.org/x/crypto/ssh client may crash because the host key is malformed, and if PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a malformed certificate, the server may crash.

Issue is the CVE-2019-17596 and Go versions of golang.org/issue/34960.

Go version 1.13.2 also includes compiler fixes to prevent incorrect access to negative slice indexes in rare cases. The affected code (the compiler can prove that the index is zero or negative) will cause panic in Go 1.12.11, but may result in arbitrary memory reads and writes in Go 1.13 and Go 1.13.1. This is Go issue golang.org/issue/34802.

As a result, at 07:07, Go1.13.3 and Go1.12.12 were released, which should be the last version with bug, emergency fix.

Therefore, Go 1.13.2 and Go 1.12.11 are not recommended, and Go1.13.3 and Go1.12.12 can be downloaded from https://studygolang.com/dl.

Go 1.13.2 and go1.12.11

Solve security problems

Https://golang.org/security

Go 1.13.1 and Go 1.12.10

Go 1.13.1 and Go 1.12.10 have been released and a security issue has been fixed as follows:

Net/http (via net/textproto) accepts invalid HTTP/1.1 headers and standardizes them, resulting in a space before the colon, resulting in a RFC 7230 error.

If a Go server is used behind an unusual reverse proxy that accepts and forwards these invalid headers without normalizing them, the reverse proxy and the server interpret these headers differently from each other. This can lead to filtering bypass or request vulnerabilities (request smuggling), which can result in request vulnerabilities if requests from different clients are multiplexed by proxies to the same upstream connection. These invalid headers are now rejected by the Go server and passed to the Go client application without normalization.

Check the release notes for more information:

Https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q

Related links

Reference source

Go 1.13

Go 1.13 has been released, and notable improvements in this release include:

Go command can be downloaded and verified directly. For more information, please see using the Go module mirror and Go checksum database by default.

Improved Digital Grammar error Encapsulation improvement default enable TLS 1.3Enhancement of module support

For more information on improvement, please see https://golang.org/doc/go1.13

[reference Source] (https://www.oschina.net/news/109593/go-1-13-released)

GO version 1.13 improvement 1

Https://www.wingsxdu.com/p1391/

First, modularity will become the default feature, leaving the GOPATH era completely; second, the binary feature that is not too important will be abolished.

1. Grammatical sugar

Binary integer digital area: the prefix 0b or 0B indicates the binary integer digital area, such as 0b1011

Octal digits: the prefix 0o or 0O denotes octal denotes, such as 0o660 (octal representations indicated by leading zeros followed by octal numbers are still valid)

Hexadecimal floating-point numbers: you can now use the prefix 0x or 0X to represent hexadecimal format floating-point numbers, such as 0x1.0p-1021. Hexadecimal floating point numbers must always have an index, written as the letter p or P, followed by a decimal index. The exponent calculates the Mantissa to the exponential power of 2. 0x1p-2, for example, represents 1 in hexadecimal divided by 2 ², which is 0.25

Literal part (imaginary part of a complex constant) literal: the imaginary suffix I can now be used with any (binary, decimal, hexadecimal) integer or floating-point literal value, for example: 0xabci = = 0xabc * 1i = = 2748i.

Digit separator: any literal number can now be separated (grouped) by an underscore, such as 1000, 000, 0b_1010_0110, 3.1415, 9265, which may appear between any two-digit or literal prefix and the first digit. (I don't understand)

two。 Tools

Modules improvement

The default value of the GO111MODULE environment variable is auto, but auto activates go command module-aware mode as long as the current working directory contains or is in a directory that contains go.mod files-even if the current directory is within GOPATH/src.

This change simplifies the migration of existing code in GOPATH/src and the ongoing maintenance of module-aware packages and non-module-aware importers.

The GOPROXY environment variable can now be set to a comma-separated list of agents URL or to a special token value of direct, whose default value is now https://proxy.golang.org,direct. When parsing the package path that contains its module, the go command will continuously try all candidate module paths on each agent in the list. With the exception of 404,410, an inaccessible agent or HTTP status code terminates the search without consulting the other agents.

The GOPRIVATE (new) environment variable is used to declare a module path that is not exposed. Used as default values for the lower priority GONOPROXY and GONOSUMDB variables, which modules are extracted by the agent and validated using the checksum database, providing finer manipulation.

The GOSUMDB (new) environment variable identifies the name of the database, optional public key, and server URL to query the checksum of modules that are not yet listed in the go.sum file of the master module. If the GOSUMDB does not contain explicit URL, select the URL by retrieving the GOPROXY URL that supports the checksum database, and if none of the agents support it, return a direct connection to the specified database. If GOSUMDB is set to off, the checksum database is not queried, only the existing checksum in the go.sum file is validated.

If the user cannot access the default proxy and checksum database (for example, due to firewall configuration), you can set GOPROXY to dircet and / or GOSUMDB to off.

The go env-w instruction can be used to set the default values of these variables, which are common to the whole platform:

Go env-w GOPROXY=direct go env-w GOSUMDB=off

Go version related

Https://www.infoq.com/news/2019/09/go-1-13-module-mirror-checksumdb/

Improvement of Digital Grammar

At the language level, Go 1.13 supports a more uniform set of numeric literal prefixes, such as 0b binary numbers, 0x hexadecimal numbers, 0o octal, and so on. The new version also enables operators so that uint does not need type conversions when using them. Neither change violates Go's commitment to source code that is compatible with earlier versions of the language.

Https://github.com/golang/proposal/blob/master/design/19308-number-literals.md

TLS 1.3 is enabled by default

Https://www.jianshu.com/p/efe44d4a7501?utm_source=oschina-app

There are gains and losses. Although HTTPS increases the security of the website, it will slow down the user's access speed to a certain extent because of the increase in the number of HTTPS handshakes. In order to enable HTTPS to achieve faster data transfer performance and more secure during transmission, the new features of TLS 1.3

The main purpose of TLS (Transport Layer Security Protocol, Transport layer Security Protocol) is to provide privacy and integrity between the two communication applications. The protocol consists of two layers: TLS recording Protocol (TLS Record) and TLS handshake Protocol (TLS Handshake).

When using TLS, the connection between the client and the server has one or more of the following properties:

Connection privacy: symmetric encryption algorithms are used to encrypt data transmission. For example, AES [AES], RC4 [SCH], etc., can use public key encryption to verify the identity and connection reliability of the communicating party: every message sent uses MAC (message authentication code) for integrity check.

Compared with TLS 1.2 and TLS 1.3, the handshake time was halved. This means that visiting a mobile website, using the TLS 1.3 protocol, may reduce nearly 100ms time.

Error

Https://blog.csdn.net/weixin_30257433/article/details/101833961

Some time we need more specific information.

For the sake of code robustness, we can't ignore every error returned by the function. Because an object of type nil is likely to be returned at the same time of the error. If the error is not judged, the next line's operation on the nil object will raise a panic 100 percent.

At this point, the study on "what are the changes in the go version" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.