How do I update golang standard library in my go application?
Question
I have an application that was built with go 1.16.4, which uses (imports) the archive/zip component of the Go std lib. I took a look at the golang Release Notes and see that a security vulnerability has been fixed in archive/zip in golang 1.16.5. How do I ensure that my application is no longer vulnerable? Must I upgrade my version of go itself, and then rebuild with that new version of go ? Or could I vendor the newer version of the fixed component then rebuild? Must the files in the build machine's $GOROOT be updated?
1 answers
solution1
2 ACCPTED 2021-07-27 22:36:39
Must I upgrade my version of
goitself, and then rebuild with that new version ofgo?
Yes...
- Upgrade Go.
- Rebuild.
Or could I vendor the newer version of the fixed component then rebuild?
No, you can't vendor the Go standard library.
Must the files in the build machine's
$GOROOTbe updated?
GOROOT is the root folder of the Go SDK installation. It is updated when you upgrade Go on the machine (or container) that invokes go build / go install .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.