Golang 1.1x Releases: Latest Updates To Strengthen Security

by do son · Published · Updated

Designing Scalable API
API - application programming interface concept API concept with abstract high speed technology POV motion blur

Golang has recently released several updates to strengthen security. Like building applications in any other language, cyber protection must be a top priority. Go is an open-source language, so it’s essential to implement reliable security testing procedures. Fortunately, Go is optimizing its programming language to improve security and streamline testing. As a Golang software developer, you should know how the latest release updates strengthen security and optimize your penetration testing. Read on to learn about the latest Golang 1.1x releases updates to strengthen security across custom programs.

1.11 Go Test Modules

In the 1.11 release update, Go has optimized the testing command for modules. To identify problems before running a test, the “go test” command runs “go vet” on the package being tested. This particular update now fails tests that do not type check. Thus, it can now correctly identify unused variable errors. Once your program has accurately passed performance testing, you can implement the Go Web Application Penetration Test (WAPT) to ensure your project is secure from hackers. The 1.11 release update has transformed Go testing so you can deliver secure software.

1.12 TLS 1.3 Support

Next, Go’s 1.12 release update introduced support for 1.3 TLS in the “crypto/tls” package. With the most recent update, you can access open source, high performance, low rules maintenance, coupled with dozens of other advanced features. As of the 1.12 update, you could enable this by adding “tls13=1” to the “GODEBUG” environment variable. All of the features in TLS 1.3 were designed to provide equivalent or better security performance than TLS 1.2. Notably, TLS cipher suites are not configurable in this update. With that being said, all supported cipher suites are safe. In Go 1.12, TLS 1.3 supports equal or better security performance in the “crypto/tls” package.

1.13 Go Command Upgrade

In addition, Golang version 1.13 updates it go version command to accept arguments naming executables and directories. The command can be used to print the Go version or module version using the “-m” flag. Then, “go build” writes executable files in that directory for main packages that match the package arguments. Additionally, developers can invoke the command on directories to return information about the specific branch or subdirectory. Of course, you can use this alongside modules like isatty, created by the user mattn, to determine if a file descriptor is associated with a terminal. By optimizing your directory and package file information, you can increase security in your pipeline. In this way, Golang 1.13 optimizes security in its Go command release.

1.14 Library Change Features

There are dozens of new cloud-native security and vulnerability risk management features with the new Go update. 1.14 offers a new library change in crypto/tls designed to optimize security. In particular, this update removes support for SSL version 3.0. Certainly, this is crucial for the protection of your programs. SSLv3 is the cryptographically broken protocol that predates TLS. Notably, the tls package no longer supports the legacy Next Protocol Negotiation Extension (NPN) and now only supports ALPN. Many clients had already removed NPN in favor of ALPN for its standardized support. Most importantly, the 1.14 crypto/tls library change improves security with its removal of SSLv3.

1.15 New Compiler Updates

Furthermore, Go’s 1.15 compiler has been recently updated to improve safety rules for your programs. Most notably, the new compiler reduces binary sizes by about 5%. Being released just 6 months after 1.14, it also has a new “spectre” flag to mitigate Spectre CPU vulnerabilities. Even though the compiler flag is rarely needed, it increases the overall security. Moreover, the ability to enable vulnerability mitigations gives developers more control over the compiler configuration. This way, you can continue to optimize your software prior to deployment. As the most recent release, Golang 1.15 significantly improves safety rules in the compiler.

Golang has recently released several updates to strengthen security. Since internet security is so important, it is critical to familiarize yourself with the new update features. For instance, release 1.11 improves error identification in testing. Plus, you can integrate Go WAPT penetration testing to protect your programs from hackers. In addition, version 1.12 supports 1.3 TLS for better security performance. Moreover, 1.13 optimizes protection in the Go command. Additionally, 1.14 introduces library changes tocrypto/tls crucial to protect your software. Furthermore, Go’s most recent 1.15 release updates the compiler to improve safety rules. Consider the points mentioned above to learn about the latest 1.1x release updates to strengthen security in your custom development projects.

Tags: Golang Strengthen Security