mirror of
https://github.com/golang/go
synced 2024-11-26 09:28:07 -07:00
48c88f1b1b
For #395 For #46746 Change-Id: I4bfc094cf1cecd27ce48e31f92384cf470f371a6 Reviewed-on: https://go-review.googlesource.com/c/go/+/334669 Trust: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
1212 lines
51 KiB
HTML
1212 lines
51 KiB
HTML
<!--{
|
||
"Title": "Go 1.17 Release Notes",
|
||
"Path": "/doc/go1.17"
|
||
}-->
|
||
|
||
<!--
|
||
NOTE: In this document and others in this directory, the convention is to
|
||
set fixed-width phrases with non-fixed-width spaces, as in
|
||
<code>hello</code> <code>world</code>.
|
||
Do not send CLs removing the interior tags from such phrases.
|
||
-->
|
||
|
||
<style>
|
||
main ul li { margin: 0.5em 0; }
|
||
</style>
|
||
|
||
<h2 id="introduction">DRAFT RELEASE NOTES — Introduction to Go 1.17</h2>
|
||
|
||
<p>
|
||
<strong>
|
||
Go 1.17 is not yet released. These are work-in-progress
|
||
release notes. Go 1.17 is expected to be released in August 2021.
|
||
</strong>
|
||
</p>
|
||
|
||
<h2 id="language">Changes to the language</h2>
|
||
|
||
<p>
|
||
Go 1.17 includes three small enhancements to the language.
|
||
</p>
|
||
|
||
<ul>
|
||
<li><!-- CL 216424; issue 395 -->
|
||
<a href="/ref/spec#Conversions_from_slice_to_array_pointer">Conversions
|
||
from slice to array pointer</a>: An expression <code>s</code> of
|
||
type <code>[]T</code> may now be converted to array pointer type
|
||
<code>*[N]T</code>. If <code>a</code> is the result of such a
|
||
conversion, then corresponding indices that are in range refer to
|
||
the same underlying elements: <code>&a[i] == &s[i]</code>
|
||
for <code>0 <= i < N</code>. The conversion panics if
|
||
<code>len(s)</code> is less than <code>N</code>.
|
||
</li>
|
||
|
||
<li><!-- CL 312212; issue 40481 -->
|
||
<a href="/pkg/unsafe#Add"><code>unsafe.Add</code></a>:
|
||
<code>unsafe.Add(ptr, len)</code> adds <code>len</code>
|
||
to <code>ptr</code> and returns the updated pointer
|
||
<code>unsafe.Pointer(uintptr(ptr) + uintptr(len))</code>.
|
||
</li>
|
||
|
||
<li><!-- CL 312212; issue 19367 -->
|
||
<a href="/pkg/unsafe#Slice"><code>unsafe.Slice</code></a>:
|
||
For expression <code>ptr</code> of type <code>*T</code>,
|
||
<code>unsafe.Slice(ptr, len)</code> returns a slice of
|
||
type <code>[]T</code> whose underlying array starts
|
||
at <code>ptr</code> and whose length and capacity
|
||
are <code>len</code>.
|
||
</li>
|
||
</ul>
|
||
|
||
<p>
|
||
The package unsafe enhancements were added to simplify writing code that conforms
|
||
to <code>unsafe.Pointer</code>'s <a href="/pkg/unsafe/#Pointer">safety
|
||
rules</a>, but the rules remain unchanged. In particular, existing
|
||
programs that correctly use <code>unsafe.Pointer</code> remain
|
||
valid, and new programs must still follow the rules when
|
||
using <code>unsafe.Add</code> or <code>unsafe.Slice</code>.
|
||
</p>
|
||
|
||
|
||
<p>
|
||
Note that the new conversion from slice to array pointer is the
|
||
first case in which a type conversion can panic at run time.
|
||
Analysis tools that assume type conversions can never panic
|
||
should be updated to consider this possibility.
|
||
</p>
|
||
|
||
<h2 id="ports">Ports</h2>
|
||
|
||
<h3 id="darwin">Darwin</h3>
|
||
|
||
<p><!-- golang.org/issue/23011 -->
|
||
As <a href="go1.16#darwin">announced</a> in the Go 1.16 release
|
||
notes, Go 1.17 requires macOS 10.13 High Sierra or later; support
|
||
for previous versions has been discontinued.
|
||
</p>
|
||
|
||
<h3 id="windows">Windows</h3>
|
||
|
||
<p><!-- golang.org/issue/36439 -->
|
||
Go 1.17 adds support of 64-bit ARM architecture on Windows (the
|
||
<code>windows/arm64</code> port). This port supports cgo.
|
||
</p>
|
||
|
||
<h3 id="openbsd">OpenBSD</h3>
|
||
|
||
<p><!-- golang.org/issue/43005 -->
|
||
The 64-bit MIPS architecture on OpenBSD (the <code>openbsd/mips64</code>
|
||
port) now supports cgo.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/36435 -->
|
||
In Go 1.16, on the 64-bit x86 and 64-bit ARM architectures on
|
||
OpenBSD (the <code>openbsd/amd64</code> and <code>openbsd/arm64</code>
|
||
ports) system calls are made through <code>libc</code>, instead
|
||
of directly using machine instructions. In Go 1.17, this is also
|
||
done on the 32-bit x86 and 32-bit ARM architectures on OpenBSD
|
||
(the <code>openbsd/386</code> and <code>openbsd/arm</code> ports).
|
||
This ensures compatibility with OpenBSD 6.9 onwards, which require
|
||
system calls to be made through <code>libc</code> for non-static
|
||
Go binaries.
|
||
</p>
|
||
|
||
<h3 id="arm64">ARM64</h3>
|
||
|
||
<p><!-- CL 288814 -->
|
||
Go programs now maintain stack frame pointers on the 64-bit ARM
|
||
architecture on all operating systems. Previously it maintained
|
||
stack frame pointers only on Linux, macOS, and iOS.
|
||
</p>
|
||
|
||
<h3 id="loong64">loong64 GOARCH value reserved</h3>
|
||
|
||
<p><!-- CL 333909 -->
|
||
The main Go compiler does not yet support the LoongArch
|
||
architecture, but we've reserved the <code>GOARCH</code> value
|
||
"<code>loong64</code>".
|
||
This means that Go files named <code>*_loong64.go</code> will now
|
||
be <a href="/pkg/go/build/#hdr-Build_Constraints">ignored by Go
|
||
tools</a> except when that GOARCH value is being used.
|
||
</p>
|
||
|
||
<h2 id="tools">Tools</h2>
|
||
|
||
<h3 id="go-command">Go command</h3>
|
||
|
||
<h4 id="lazy-loading">Lazy module loading</h4>
|
||
|
||
<p><!-- golang.org/issue/36460 -->
|
||
If a module specifies <code>go</code> <code>1.17</code> or higher in its
|
||
<code>go.mod</code> file, its transitive requirements are now loaded lazily,
|
||
avoiding the need to download or read <code>go.mod</code> files for
|
||
otherwise-irrelevant dependencies. To support lazy loading, in Go 1.17 modules
|
||
the <code>go</code> command maintains <em>explicit</em> requirements in
|
||
the <code>go.mod</code> file for every dependency that provides any package
|
||
transitively imported by any package or test within the module.
|
||
See <a href="https://golang.org/design/36460-lazy-module-loading">the design
|
||
document</a> for more detail.
|
||
<!-- TODO(bcmills): replace the design-doc link with proper documentation. -->
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/45965 -->
|
||
Because the number of additional explicit requirements in the go.mod file may
|
||
be substantial, in a Go 1.17 module the newly-added requirements
|
||
on <em>indirect</em> dependencies are maintained in a
|
||
separate <code>require</code> block from the block containing direct
|
||
dependencies.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/45094 -->
|
||
To facilitate the upgrade to lazy loading, the
|
||
<code>go</code> <code>mod</code> <code>tidy</code> subcommand now supports
|
||
a <code>-go</code> flag to set or change the <code>go</code> version in
|
||
the <code>go.mod</code> file. To enable lazy loading for an existing module
|
||
without changing the selected versions of its dependencies, run:
|
||
</p>
|
||
|
||
<pre>
|
||
go mod tidy -go=1.17
|
||
</pre>
|
||
|
||
<p><!-- golang.org/issue/46141 -->
|
||
By default, <code>go</code> <code>mod</code> <code>tidy</code> verifies that
|
||
the selected versions of dependencies relevant to the main module are the same
|
||
versions that would be used by the prior Go release (Go 1.16 for a module that
|
||
specifies <code>go</code> <code>1.17</code>), and preserves
|
||
the <code>go.sum</code> entries needed by that release even for dependencies
|
||
that are not normally needed by other commands.
|
||
</p>
|
||
|
||
<p>
|
||
The <code>-compat</code> flag allows that version to be overridden to support
|
||
older (or only newer) versions, up to the version specified by
|
||
the <code>go</code> directive in the <code>go.mod</code> file. To tidy
|
||
a <code>go</code> <code>1.17</code> module for Go 1.17 only, without saving
|
||
checksums for (or checking for consistency with) Go 1.16:
|
||
</p>
|
||
|
||
<pre>
|
||
go mod tidy -compat=1.17
|
||
</pre>
|
||
|
||
<p>
|
||
Note that even if the main module is tidied with <code>-compat=1.17</code>,
|
||
users who <code>require</code> the module from a
|
||
<code>go</code> <code>1.16</code> or earlier module will still be able to
|
||
use it, provided that the packages use only compatible language and library
|
||
features.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/46366 -->
|
||
The <code>go</code> <code>mod</code> <code>graph</code> subcommand also
|
||
supports the <code>-go</code> flag, which causes it to report the graph as
|
||
seen by the indicated Go version, showing dependencies that may otherwise be
|
||
pruned out by lazy loading.
|
||
</p>
|
||
|
||
<h4 id="module-deprecation-comments">Module deprecation comments</h4>
|
||
|
||
<p><!-- golang.org/issue/40357 -->
|
||
Module authors may deprecate a module by adding a
|
||
<a href="/ref/mod#go-mod-file-module-deprecation"><code>// Deprecated:</code>
|
||
comment</a> to <code>go.mod</code>, then tagging a new version.
|
||
<code>go</code> <code>get</code> now prints a warning if a module needed to
|
||
build packages named on the command line is deprecated. <code>go</code>
|
||
<code>list</code> <code>-m</code> <code>-u</code> prints deprecations for all
|
||
dependencies (use <code>-f</code> or <code>-json</code> to show the full
|
||
message). The <code>go</code> command considers different major versions to
|
||
be distinct modules, so this mechanism may be used, for example, to provide
|
||
users with migration instructions for a new major version.
|
||
</p>
|
||
|
||
<h4 id="go-get"><code>go</code> <code>get</code></h4>
|
||
|
||
<p><!-- golang.org/issue/37519 -->
|
||
The <code>go</code> <code>get</code> <code>-insecure</code> flag is
|
||
deprecated and has been removed. To permit the use of insecure schemes
|
||
when fetching dependencies, please use the <code>GOINSECURE</code>
|
||
environment variable. The <code>-insecure</code> flag also bypassed module
|
||
sum validation, use <code>GOPRIVATE</code> or <code>GONOSUMDB</code> if
|
||
you need that functionality. See <code>go</code> <code>help</code>
|
||
<code>environment</code> for details.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/43684 -->
|
||
<code>go</code> <code>get</code> prints a deprecation warning when installing
|
||
commands outside the main module (without the <code>-d</code> flag).
|
||
<code>go</code> <code>install</code> <code>cmd@version</code> should be used
|
||
instead to install a command at a specific version, using a suffix like
|
||
<code>@latest</code> or <code>@v1.2.3</code>. In Go 1.18, the <code>-d</code>
|
||
flag will always be enabled, and <code>go</code> <code>get</code> will only
|
||
be used to change dependencies in <code>go.mod</code>.
|
||
</p>
|
||
|
||
<h4 id="missing-go-directive"><code>go.mod</code> files missing <code>go</code> directives</h4>
|
||
|
||
<p><!-- golang.org/issue/44976 -->
|
||
If the main module's <code>go.mod</code> file does not contain
|
||
a <a href="/doc/modules/gomod-ref#go"><code>go</code> directive</a> and
|
||
the <code>go</code> command cannot update the <code>go.mod</code> file, the
|
||
<code>go</code> command now assumes <code>go 1.11</code> instead of the
|
||
current release. (<code>go</code> <code>mod</code> <code>init</code> has added
|
||
<code>go</code> directives automatically <a href="/doc/go1.12#modules">since
|
||
Go 1.12</a>.)
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/44976 -->
|
||
If a module dependency lacks an explicit <code>go.mod</code> file, or
|
||
its <code>go.mod</code> file does not contain
|
||
a <a href="/doc/modules/gomod-ref#go"><code>go</code> directive</a>,
|
||
the <code>go</code> command now assumes <code>go 1.16</code> for that
|
||
dependency instead of the current release. (Dependencies developed in GOPATH
|
||
mode may lack a <code>go.mod</code> file, and
|
||
the <code>vendor/modules.txt</code> has to date never recorded
|
||
the <code>go</code> versions indicated by dependencies' <code>go.mod</code>
|
||
files.)
|
||
</p>
|
||
|
||
<h4 id="vendor"><code>vendor</code> contents</h4>
|
||
|
||
<p><!-- golang.org/issue/36876 -->
|
||
If the main module specifies <code>go</code> <code>1.17</code> or higher,
|
||
<code>go</code> <code>mod</code> <code>vendor</code> now annotates
|
||
<code>vendor/modules.txt</code> with the <code>go</code> version indicated by
|
||
each vendored module in its own <code>go.mod</code> file. The annotated
|
||
version is used when building the module's packages from vendored source code.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/42970 -->
|
||
If the main module specifies <code>go</code> <code>1.17</code> or higher,
|
||
<code>go</code> <code>mod</code> <code>vendor</code> now omits <code>go.mod</code>
|
||
and <code>go.sum</code> files for vendored dependencies, which can otherwise
|
||
interfere with the ability of the <code>go</code> command to identify the correct
|
||
module root when invoked within the <code>vendor</code> tree.
|
||
</p>
|
||
|
||
<h4 id="password-prompts">Password prompts</h4>
|
||
|
||
<p><!-- golang.org/issue/44904 -->
|
||
The <code>go</code> command by default now suppresses SSH password prompts and
|
||
Git Credential Manager prompts when fetching Git repositories using SSH, as it
|
||
already did previously for other Git password prompts. Users authenticating to
|
||
private Git repos with password-protected SSH may configure
|
||
an <code>ssh-agent</code> to enable the <code>go</code> command to use
|
||
password-protected SSH keys.
|
||
</p>
|
||
|
||
<h4 id="go-mod-download"><code>go</code> <code>mod</code> <code>download</code></h4>
|
||
|
||
<p><!-- golang.org/issue/45332 -->
|
||
When <code>go</code> <code>mod</code> <code>download</code> is invoked without
|
||
arguments, it will no longer save sums for downloaded module content to
|
||
<code>go.sum</code>. It may still make changes to <code>go.mod</code> and
|
||
<code>go.sum</code> needed to load the build list. This is the same as the
|
||
behavior in Go 1.15. To save sums for all modules, use <code>go</code>
|
||
<code>mod</code> <code>download</code> <code>all</code>.
|
||
</p>
|
||
|
||
<h4 id="build-lines"><code>//go:build</code> lines</h4>
|
||
|
||
<p>
|
||
The <code>go</code> command now understands <code>//go:build</code> lines
|
||
and prefers them over <code>// +build</code> lines. The new syntax uses
|
||
boolean expressions, just like Go, and should be less error-prone.
|
||
As of this release, the new syntax is fully supported, and all Go files
|
||
should be updated to have both forms with the same meaning. To aid in
|
||
migration, <a href="#gofmt"><code>gofmt</code></a> now automatically
|
||
synchronizes the two forms. For more details on the syntax and migration plan,
|
||
see
|
||
<a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
|
||
</p>
|
||
|
||
<h4 id="go run"><code>go</code> <code>run</code></h4>
|
||
|
||
<p><!-- golang.org/issue/42088 -->
|
||
<code>go</code> <code>run</code> now accepts arguments with version suffixes
|
||
(for example, <code>go</code> <code>run</code>
|
||
<code>example.com/cmd@v1.0.0</code>). This causes <code>go</code>
|
||
<code>run</code> to build and run packages in module-aware mode, ignoring the
|
||
<code>go.mod</code> file in the current directory or any parent directory, if
|
||
there is one. This is useful for running executables without installing them or
|
||
without changing dependencies of the current module.
|
||
</p>
|
||
|
||
<h3 id="gofmt">Gofmt</h3>
|
||
|
||
<p>
|
||
<code>gofmt</code> (and <code>go</code> <code>fmt</code>) now synchronizes
|
||
<code>//go:build</code> lines with <code>// +build</code> lines. If a file
|
||
only has <code>// +build</code> lines, they will be moved to the appropriate
|
||
location in the file, and matching <code>//go:build</code> lines will be
|
||
added. Otherwise, <code>// +build</code> lines will be overwritten based on
|
||
any existing <code>//go:build</code> lines. For more information, see
|
||
<a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
|
||
</p>
|
||
|
||
<h3 id="vet">Vet</h3>
|
||
|
||
<h4 id="vet-buildtags">New warning for mismatched <code>//go:build</code> and <code>// +build</code> lines</h4>
|
||
|
||
<p><!-- CL 240609 -->
|
||
The <code>vet</code> tool now verifies that <code>//go:build</code> and
|
||
<code>// +build</code> lines are in the correct part of the file and
|
||
synchronized with each other. If they aren't,
|
||
<a href="#gofmt"><code>gofmt</code></a> can be used to fix them. For more
|
||
information, see
|
||
<a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
|
||
</p>
|
||
|
||
<h4 id="vet-sigchanyzer">New warning for calling <code>signal.Notify</code> on unbuffered channels</h4>
|
||
|
||
<p><!-- CL 299532 -->
|
||
The vet tool now warns about calls to <a href="/pkg/os/signal/#Notify">signal.Notify</a>
|
||
with incoming signals being sent to an unbuffered channel. Using an unbuffered channel
|
||
risks missing signals sent on them as <code>signal.Notify</code> does not block when
|
||
sending to a channel. For example:
|
||
</p>
|
||
|
||
<pre>
|
||
c := make(chan os.Signal)
|
||
// signals are sent on c before the channel is read from.
|
||
// This signal may be dropped as c is unbuffered.
|
||
signal.Notify(c, os.Interrupt)
|
||
</pre>
|
||
|
||
<p>
|
||
Users of <code>signal.Notify</code> should use channels with sufficient buffer space to keep up with the
|
||
expected signal rate.
|
||
</p>
|
||
|
||
<h4 id="vet-error-stdmethods">New warnings for Is, As and Unwrap methods</h4>
|
||
|
||
<p><!-- CL 321389 -->
|
||
The vet tool now warns about methods named <code>As</code>, <code>Is</code> or <code>Unwrap</code>
|
||
on types implementing the <code>error</code> interface that have a different signature than the
|
||
one expected by the <code>errors</code> package. The <code>errors.{As,Is,Unwrap}</code> functions
|
||
expect such methods to implement either <code>Is(error)</code> <code>bool</code>,
|
||
<code>As(interface{})</code> <code>bool</code>, or <code>Unwrap()</code> <code>error</code>
|
||
respectively. The functions <code>errors.{As,Is,Unwrap}</code> will ignore methods with the same
|
||
names but a different signature. For example:
|
||
</p>
|
||
|
||
<pre>
|
||
type MyError struct { hint string }
|
||
func (m MyError) Error() string { ... } // MyError implements error.
|
||
func (MyError) Is(target interface{}) bool { ... } // target is interface{} instead of error.
|
||
func Foo() bool {
|
||
x, y := MyError{"A"}, MyError{"B"}
|
||
return errors.Is(x, y) // returns false as x != y and MyError does not have an `Is(error) bool` function.
|
||
}
|
||
</pre>
|
||
|
||
<h3 id="cover">Cover</h3>
|
||
|
||
<p><!-- CL 249759 -->
|
||
The <code>cover</code> tool now uses an optimized parser
|
||
from <code>golang.org/x/tools/cover</code>, which may be noticeably faster
|
||
when parsing large coverage profiles.
|
||
</p>
|
||
|
||
<h2 id="compiler">Compiler</h2>
|
||
|
||
<p><!-- golang.org/issue/40724 -->
|
||
Go 1.17 implements a new way of passing function arguments and results using
|
||
registers instead of the stack.
|
||
Benchmarks for a representative set of Go packages and programs show
|
||
performance improvements of about 5%, and a typical reduction in
|
||
binary size of about 2%.
|
||
This is currently enabled for Linux, macOS, and Windows on the
|
||
64-bit x86 architecture (the <code>linux/amd64</code>,
|
||
<code>darwin/amd64</code>, and <code>windows/amd64</code> ports).
|
||
</p>
|
||
|
||
<p>
|
||
This change does not affect the functionality of any safe Go code
|
||
and is designed to have no impact on most assembly code.
|
||
It may affect code that violates
|
||
the <a href="/pkg/unsafe#Pointer"><code>unsafe.Pointer</code></a>
|
||
rules when accessing function arguments, or that depends on
|
||
undocumented behavior involving comparing function code pointers.
|
||
To maintain compatibility with existing assembly functions, the
|
||
compiler generates adapter functions that convert between the new
|
||
register-based calling convention and the previous stack-based
|
||
calling convention.
|
||
These adapters are typically invisible to users, except that taking
|
||
the address of a Go function in assembly code or taking the address
|
||
of an assembly function in Go code
|
||
using <code>reflect.ValueOf(fn).Pointer()</code>
|
||
or <code>unsafe.Pointer</code> will now return the address of the
|
||
adapter.
|
||
Code that depends on the value of these code pointers may no longer
|
||
behave as expected.
|
||
Adapters also may cause a very small performance overhead in two
|
||
cases: calling an assembly function indirectly from Go via
|
||
a <code>func</code> value, and calling Go functions from assembly.
|
||
</p>
|
||
|
||
<p><!-- CL 304470 -->
|
||
The format of stack traces from the runtime (printed when an uncaught panic
|
||
occurs, or when <code>runtime.Stack</code> is called) is improved. Previously,
|
||
the function arguments were printed as hexadecimal words based on the memory
|
||
layout. Now each argument in the source code is printed separately, separated
|
||
by commas. Aggregate-typed (struct, array, string, slice, interface, and complex)
|
||
arguments are delimited by curly braces. A caveat is that the value of an
|
||
argument that only lives in a register and is not stored to memory may be
|
||
inaccurate. Function return values (which were usually inaccurate) are no longer
|
||
printed.
|
||
</p>
|
||
|
||
<p><!-- CL 283112, golang.org/issue/28727 -->
|
||
Functions containing closures can now be inlined.
|
||
One effect of this change is that a function with a closure may
|
||
produce a distinct closure code pointer for each place that the
|
||
function is inlined.
|
||
Go function values are not directly comparable, but this change
|
||
could reveal bugs in code that uses <code>reflect</code>
|
||
or <code>unsafe.Pointer</code> to bypass this language restriction
|
||
and compare functions by code pointer.
|
||
</p>
|
||
|
||
<h2 id="library">Core library</h2>
|
||
|
||
<h3 id="runtime/cgo"><a href="/pkg/runtime/cgo">Cgo</a></h3>
|
||
|
||
<p>
|
||
The <a href="/pkg/runtime/cgo">runtime/cgo</a> package now provides a
|
||
new facility that allows to turn any Go values to a safe representation
|
||
that can be used to pass values between C and Go safely. See
|
||
<a href="/pkg/runtime/cgo#Handle">runtime/cgo.Handle</a> for more information.
|
||
</p>
|
||
|
||
<h3 id="semicolons">URL query parsing</h3>
|
||
<!-- CL 325697, CL 326309 -->
|
||
|
||
<p>
|
||
The <code>net/url</code> and <code>net/http</code> packages used to accept
|
||
<code>";"</code> (semicolon) as a setting separator in URL queries, in
|
||
addition to <code>"&"</code> (ampersand). Now, settings with non-percent-encoded
|
||
semicolons are rejected and <code>net/http</code> servers will log a warning to
|
||
<a href="/pkg/net/http#Server.ErrorLog"><code>Server.ErrorLog</code></a>
|
||
when encountering one in a request URL.
|
||
</p>
|
||
|
||
<p>
|
||
For example, before Go 1.17 the <a href="/pkg/net/url#URL.Query"><code>Query</code></a>
|
||
method of the URL <code>example?a=1;b=2&c=3</code> would have returned
|
||
<code>map[a:[1] b:[2] c:[3]]</code>, while now it returns <code>map[c:[3]]</code>.
|
||
</p>
|
||
|
||
<p>
|
||
When encountering such a query string,
|
||
<a href="/pkg/net/url#URL.Query"><code>URL.Query</code></a>
|
||
and
|
||
<a href="/pkg/net/http#Request.FormValue"><code>Request.FormValue</code></a>
|
||
ignore any settings that contain a semicolon,
|
||
<a href="/pkg/net/url#ParseQuery"><code>ParseQuery</code></a>
|
||
returns the remaining settings and an error, and
|
||
<a href="/pkg/net/http#Request.ParseForm"><code>Request.ParseForm</code></a>
|
||
and
|
||
<a href="/pkg/net/http#Request.ParseMultipartForm"><code>Request.ParseMultipartForm</code></a>
|
||
return an error but still set <code>Request</code> fields based on the
|
||
remaining settings.
|
||
</p>
|
||
|
||
<p>
|
||
<code>net/http</code> users can restore the original behavior by using the new
|
||
<a href="/pkg/net/http#AllowQuerySemicolons"><code>AllowQuerySemicolons</code></a>
|
||
handler wrapper. This will also suppress the <code>ErrorLog</code> warning.
|
||
Note that accepting semicolons as query separators can lead to security issues
|
||
if different systems interpret cache keys differently.
|
||
See <a href="https://golang.org/issue/25192">issue 25192</a> for more information.
|
||
</p>
|
||
|
||
<h3 id="ALPN">TLS strict ALPN</h3>
|
||
<!-- CL 289209, CL 325432 -->
|
||
|
||
<p>
|
||
When <a href="/pkg/crypto/tls#Config.NextProtos"><code>Config.NextProtos</code></a>
|
||
is set, servers now enforce that there is an overlap between the configured
|
||
protocols and the ALPN protocols advertised by the client, if any. If there is
|
||
no mutually supported protocol, the connection is closed with the
|
||
<code>no_application_protocol</code> alert, as required by RFC 7301. This
|
||
helps mitigate <a href="https://alpaca-attack.com/">the ALPACA cross-protocol attack</a>.
|
||
</p>
|
||
|
||
<p>
|
||
As an exception, when the value <code>"h2"</code> is included in the server's
|
||
<code>Config.NextProtos</code>, HTTP/1.1 clients will be allowed to connect as
|
||
if they didn't support ALPN.
|
||
See <a href="https://golang.org/issue/46310">issue 46310</a> for more information.
|
||
</p>
|
||
|
||
<h3 id="minor_library_changes">Minor changes to the library</h3>
|
||
|
||
<p>
|
||
As always, there are various minor changes and updates to the library,
|
||
made with the Go 1 <a href="/doc/go1compat">promise of compatibility</a>
|
||
in mind.
|
||
</p>
|
||
|
||
<dl id="archive/zip"><dt><a href="/pkg/archive/zip/">archive/zip</a></dt>
|
||
<dd>
|
||
<p><!-- CL 312310 -->
|
||
The new methods <a href="/pkg/archive/zip#File.OpenRaw"><code>File.OpenRaw</code></a>, <a href="/pkg/archive/zip#Writer.CreateRaw"><code>Writer.CreateRaw</code></a>, <a href="/pkg/archive/zip#Writer.Copy"><code>Writer.Copy</code></a> provide support for cases where performance is a primary concern.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- archive/zip -->
|
||
|
||
<dl id="bufio"><dt><a href="/pkg/bufio/">bufio</a></dt>
|
||
<dd>
|
||
<p><!-- CL 280492 -->
|
||
The <a href="/pkg/bufio/#Writer.WriteRune"><code>Writer.WriteRune</code></a> method
|
||
now writes the replacement character U+FFFD for negative rune values,
|
||
as it does for other invalid runes.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- bufio -->
|
||
|
||
<dl id="bytes"><dt><a href="/pkg/bytes/">bytes</a></dt>
|
||
<dd>
|
||
<p><!-- CL 280492 -->
|
||
The <a href="/pkg/bytes/#Buffer.WriteRune"><code>Buffer.WriteRune</code></a> method
|
||
now writes the replacement character U+FFFD for negative rune values,
|
||
as it does for other invalid runes.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- bytes -->
|
||
|
||
<dl id="compress/lzw"><dt><a href="/pkg/compress/lzw/">compress/lzw</a></dt>
|
||
<dd>
|
||
<p><!-- CL 273667 -->
|
||
The <a href="/pkg/compress/lzw/#NewReader"><code>NewReader</code></a>
|
||
function is guaranteed to return a value of the new
|
||
type <a href="/pkg/compress/lzw/#Reader"><code>Reader</code></a>,
|
||
and similarly <a href="/pkg/compress/lzw/#NewWriter"><code>NewWriter</code></a>
|
||
is guaranteed to return a value of the new
|
||
type <a href="/pkg/compress/lzw/#Writer"><code>Writer</code></a>.
|
||
These new types both implement a <code>Reset</code> method
|
||
(<a href="/pkg/compress/lzw/#Reader.Reset"><code>Reader.Reset</code></a>,
|
||
<a href="/pkg/compress/lzw/#Writer.Reset"><code>Writer.Reset</code></a>)
|
||
that allows reuse of the <code>Reader</code> or <code>Writer</code>.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- compress/lzw -->
|
||
|
||
<dl id="crypto/ed25519"><dt><a href="/pkg/crypto/ed25519/">crypto/ed25519</a></dt>
|
||
<dd>
|
||
<p><!-- CL 276272 -->
|
||
The <code>crypto/ed25519</code> package has been rewritten, and all
|
||
operations are now approximately twice as fast on amd64 and arm64.
|
||
The observable behavior has not otherwise changed.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- crypto/ed25519 -->
|
||
|
||
<dl id="crypto/elliptic"><dt><a href="/pkg/crypto/elliptic/">crypto/elliptic</a></dt>
|
||
<dd>
|
||
<p><!-- CL 233939 -->
|
||
<a href="/pkg/crypto/elliptic#CurveParams"><code>CurveParams</code></a>
|
||
methods now automatically invoke faster and safer dedicated
|
||
implementations for known curves (P-224, P-256, and P-521) when
|
||
available. Note that this is a best-effort approach and applications
|
||
should avoid using the generic, not constant-time <code>CurveParams</code>
|
||
methods and instead use dedicated
|
||
<a href="/pkg/crypto/elliptic#Curve"><code>Curve</code></a> implementations
|
||
such as <a href="/pkg/crypto/elliptic#P256"><code>P256</code></a>.
|
||
</p>
|
||
|
||
<p><!-- CL 315271, CL 315274 -->
|
||
The <a href="/pkg/crypto/elliptic#P521"><code>P521</code></a> curve
|
||
implementation has been rewritten using code generated by the
|
||
<a href="https://github.com/mit-plv/fiat-crypto">fiat-crypto project</a>,
|
||
which is based on a formally-verified model of the arithmetic
|
||
operations. It is now constant-time and three times faster on amd64 and
|
||
arm64. The observable behavior has not otherwise changed.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- crypto/elliptic -->
|
||
|
||
<dl id="crypto/rand"><dt><a href="/pkg/crypto/rand/">crypto/rand</a></dt>
|
||
<dd>
|
||
<p><!-- CL 302489, CL 299134, CL 269999 -->
|
||
The <code>crypto/rand</code> package now uses the <code>getentropy</code>
|
||
syscall on macOS and the <code>getrandom</code> syscall on Solaris,
|
||
Illumos, and DragonFlyBSD.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- crypto/rand -->
|
||
|
||
<dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
|
||
<dd>
|
||
<p><!-- CL 295370 -->
|
||
The new <a href="/pkg/crypto/tls#Conn.HandshakeContext"><code>Conn.HandshakeContext</code></a>
|
||
method allows the user to control cancellation of an in-progress TLS
|
||
handshake. The provided context is accessible from various callbacks through the new
|
||
<a href="/pkg/crypto/tls#ClientHelloInfo.Context"><code>ClientHelloInfo.Context</code></a> and
|
||
<a href="/pkg/crypto/tls#CertificateRequestInfo.Context"><code>CertificateRequestInfo.Context</code></a>
|
||
methods. Canceling the context after the handshake has finished has no effect.
|
||
</p>
|
||
|
||
<p><!-- CL 314609 -->
|
||
Cipher suite ordering is now handled entirely by the
|
||
<code>crypto/tls</code> package. Currently, cipher suites are sorted based
|
||
on their security, performance, and hardware support taking into account
|
||
both the local and peer's hardware. The order of the
|
||
<a href="/pkg/crypto/tls#Config.CipherSuites"><code>Config.CipherSuites</code></a>
|
||
field is now ignored, as well as the
|
||
<a href="/pkg/crypto/tls#Config.PreferServerCipherSuites"><code>Config.PreferServerCipherSuites</code></a>
|
||
field. Note that <code>Config.CipherSuites</code> still allows
|
||
applications to choose what TLS 1.0–1.2 cipher suites to enable.
|
||
</p>
|
||
|
||
<p>
|
||
The 3DES cipher suites have been moved to
|
||
<a href="/pkg/crypto/tls#InsecureCipherSuites"><code>InsecureCipherSuites</code></a>
|
||
due to <a href="https://sweet32.info/">fundamental block size-related
|
||
weakness</a>. They are still enabled by default but only as a last resort,
|
||
thanks to the cipher suite ordering change above.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/45428 -->
|
||
Beginning in the next release, Go 1.18, the
|
||
<a href="/pkg/crypto/tls/#Config.MinVersion"><code>Config.MinVersion</code></a>
|
||
for <code>crypto/tls</code> clients will default to TLS 1.2, disabling TLS 1.0
|
||
and TLS 1.1 by default. Applications will be able to override the change by
|
||
explicitly setting <code>Config.MinVersion</code>.
|
||
This will not affect <code>crypto/tls</code> servers.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- crypto/tls -->
|
||
|
||
<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
|
||
<dd>
|
||
<p><!-- CL 224157 -->
|
||
<a href="/pkg/crypto/x509/#CreateCertificate"><code>CreateCertificate</code></a>
|
||
now returns an error if the provided private key doesn't match the
|
||
parent's public key, if any. The resulting certificate would have failed
|
||
to verify.
|
||
</p>
|
||
|
||
<p><!-- CL 315209 -->
|
||
The temporary <code>GODEBUG=x509ignoreCN=0</code> flag has been removed.
|
||
</p>
|
||
|
||
<p><!-- CL 274234 -->
|
||
<a href="/pkg/crypto/x509/#ParseCertificate"><code>ParseCertificate</code></a>
|
||
has been rewritten, and now consumes ~70% fewer resources. The observable
|
||
behavior has not otherwise changed, except for error messages.
|
||
</p>
|
||
|
||
<p><!-- CL 321190 -->
|
||
On BSD systems, <code>/etc/ssl/certs</code> is now searched for trusted
|
||
roots. This adds support for the new system trusted certificate store in
|
||
FreeBSD 12.2+.
|
||
</p>
|
||
|
||
<p><!-- golang.org/issue/41682 -->
|
||
Beginning in the next release, Go 1.18, <code>crypto/x509</code> will
|
||
reject certificates signed with the SHA-1 hash function. This doesn't
|
||
apply to self-signed root certificates. Practical attacks against SHA-1
|
||
<a href="https://shattered.io/">have been demonstrated in 2017</a> and publicly
|
||
trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- crypto/x509 -->
|
||
|
||
<dl id="database/sql"><dt><a href="/pkg/database/sql/">database/sql</a></dt>
|
||
<dd>
|
||
<p><!-- CL 258360 -->
|
||
The <a href="/pkg/database/sql/#DB.Close"><code>DB.Close</code></a> method now closes
|
||
the <code>connector</code> field if the type in this field implements the
|
||
<a href="/pkg/io/#Closer"><code>io.Closer</code></a> interface.
|
||
</p>
|
||
|
||
<p><!-- CL 311572 -->
|
||
The new
|
||
<a href="/pkg/database/sql/#NullInt16"><code>NullInt16</code></a>
|
||
and
|
||
<a href="/pkg/database/sql/#NullByte"><code>NullByte</code></a>
|
||
structs represent the int16 and byte values that may be null. These can be used as
|
||
destinations of the <a href="/pkg/database/sql/#Scan"><code>Scan</code></a> method,
|
||
similar to NullString.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- database/sql -->
|
||
|
||
<dl id="debug/elf"><dt><a href="/pkg/debug/elf/">debug/elf</a></dt>
|
||
<dd>
|
||
<p><!-- CL 239217 -->
|
||
The <a href="/pkg/debug/elf/#SHT_MIPS_ABIFLAGS"><code>SHT_MIPS_ABIFLAGS</code></a>
|
||
constant has been added.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- debug/elf -->
|
||
|
||
<dl id="encoding/binary"><dt><a href="/pkg/encoding/binary/">encoding/binary</a></dt>
|
||
<dd>
|
||
<p><!-- CL 299531 -->
|
||
<code>binary.Uvarint</code> will stop reading after <code>10 bytes</code> to avoid
|
||
wasted computations. If more than <code>10 bytes</code> are needed, the byte count returned is <code>-11</code>.
|
||
<br />
|
||
Previous Go versions could return larger negative counts when reading incorrectly encoded varints.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- encoding/binary -->
|
||
|
||
<dl id="encoding/csv"><dt><a href="/pkg/encoding/csv/">encoding/csv</a></dt>
|
||
<dd>
|
||
<p><!-- CL 291290 -->
|
||
The new
|
||
<a href="/pkg/encoding/csv/#Reader.FieldPos"><code>Reader.FieldPos</code></a>
|
||
method returns the line and column corresponding to the start of
|
||
a given field in the record most recently returned by
|
||
<a href="/pkg/encoding/csv/#Reader.Read"><code>Read</code></a>.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- encoding/csv -->
|
||
|
||
<dl id="encoding/xml"><dt><a href="/pkg/encoding/xml/">encoding/xml</a></dt>
|
||
<dd>
|
||
<p><!-- CL 277893 -->
|
||
When a comment appears within a
|
||
<a href="/pkg/encoding/xml/#Directive"><code>Directive</code></a>, it is now replaced
|
||
with a single space instead of being completely elided.
|
||
</p>
|
||
|
||
<p>
|
||
Invalid element or attribute names with leading, trailing, or multiple
|
||
colons are now stored unmodified into the
|
||
<a href="/pkg/encoding/xml/#Name"><code>Name.Local</code></a> field.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- encoding/xml -->
|
||
|
||
<dl id="flag"><dt><a href="/pkg/flag/">flag</a></dt>
|
||
<dd>
|
||
<p><!-- CL 271788 -->
|
||
Flag declarations now panic if an invalid name is specified.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- flag -->
|
||
|
||
<dl id="go/build"><dt><a href="/pkg/go/build/">go/build</a></dt>
|
||
<dd>
|
||
<p><!-- CL 310732 -->
|
||
The new
|
||
<a href="/pkg/go/build/#Context.ToolTags"><code>Context.ToolTags</code></a>
|
||
field holds the build tags appropriate to the current Go
|
||
toolchain configuration.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- go/build -->
|
||
|
||
<dl id="go/format"><dt><a href="/pkg/go/format/">go/format</a></dt>
|
||
<dd>
|
||
<p>
|
||
The <a href="/pkg/go/format/#Source"><code>Source</code></a> and
|
||
<a href="/pkg/go/format/#Node"><code>Node</code></a> functions now
|
||
synchronize <code>//go:build</code> lines with <code>// +build</code>
|
||
lines. If a file only has <code>// +build</code> lines, they will be
|
||
moved to the appropriate location in the file, and matching
|
||
<code>//go:build</code> lines will be added. Otherwise,
|
||
<code>// +build</code> lines will be overwritten based on any existing
|
||
<code>//go:build</code> lines. For more information, see
|
||
<a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- go/format -->
|
||
|
||
<dl id="go/parser"><dt><a href="/pkg/go/parser/">go/parser</a></dt>
|
||
<dd>
|
||
<p><!-- CL 306149 -->
|
||
The new <a href="/pkg/go/parser/#SkipObjectResolution"><code>SkipObjectResolution</code></a>
|
||
<code>Mode</code> value instructs the parser not to resolve identifiers to
|
||
their declaration. This may improve parsing speed.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- go/parser -->
|
||
|
||
<dl id="image"><dt><a href="/pkg/image/">image</a></dt>
|
||
<dd>
|
||
<p><!-- CL 311129 -->
|
||
The concrete image types (<code>RGBA</code>, <code>Gray16</code> and so on)
|
||
now implement a new <a href="/pkg/image/#RGBA64Image"><code>RGBA64Image</code></a>
|
||
interface. The concrete types that previously implemented
|
||
<a href="/pkg/image/draw/#Image"><code>draw.Image</code></a> now also implement
|
||
<a href="/pkg/image/draw/#RGBA64Image"><code>draw.RGBA64Image</code></a>, a
|
||
new interface in the <code>image/draw</code> package.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- image -->
|
||
|
||
<dl id="io/fs"><dt><a href="/pkg/io/fs/">io/fs</a></dt>
|
||
<dd>
|
||
<p><!-- CL 293649 -->
|
||
The new <a href="/pkg/io/fs/#FileInfoToDirEntry"><code>FileInfoToDirEntry</code></a> function converts a <code>FileInfo</code> to a <code>DirEntry</code>.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- io/fs -->
|
||
|
||
<dl id="math"><dt><a href="/pkg/math/">math</a></dt>
|
||
<dd>
|
||
<p><!-- CL 247058 -->
|
||
The math package now defines three more constants: <code>MaxUint</code>, <code>MaxInt</code> and <code>MinInt</code>.
|
||
For 32-bit systems their values are <code>2^32 - 1</code>, <code>2^31 - 1</code> and <code>-2^31</code>, respectively.
|
||
For 64-bit systems their values are <code>2^64 - 1</code>, <code>2^63 - 1</code> and <code>-2^63</code>, respectively.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- math -->
|
||
|
||
<dl id="mime"><dt><a href="/pkg/mime/">mime</a></dt>
|
||
<dd>
|
||
<p><!-- CL 305230 -->
|
||
On Unix systems, the table of MIME types is now read from the local system's
|
||
<a href="https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-0.21.html">Shared MIME-info Database</a>
|
||
when available.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- mime -->
|
||
|
||
<dl id="mime/multipart"><dt><a href="/pkg/mime/multipart/">mime/multipart</a></dt>
|
||
<dd>
|
||
<p><!-- CL 313809 -->
|
||
<a href="/pkg/mime/multipart/#Part.FileName"><code>Part.FileName</code></a>
|
||
now applies
|
||
<a href="/pkg/path/filepath/#Base"><code>filepath.Base</code></a> to the
|
||
return value. This mitigates potential path traversal vulnerabilities in
|
||
applications that accept multipart messages, such as <code>net/http</code>
|
||
servers that call
|
||
<a href="/pkg/net/http/#Request.FormFile"><code>Request.FormFile</code></a>.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- mime/multipart -->
|
||
|
||
<dl id="net"><dt><a href="/pkg/net/">net</a></dt>
|
||
<dd>
|
||
<p><!-- CL 272668 -->
|
||
The new method <a href="/pkg/net/#IP.IsPrivate"><code>IP.IsPrivate</code></a> reports whether an address is
|
||
a private IPv4 address according to <a href="http://tools.ietf.org/html/rfc1918">RFC 1918</a>
|
||
or a local IPv6 address according <a href="http://tools.ietf.org/html/rfc4193">RFC 4193</a>.
|
||
</p>
|
||
|
||
<p><!-- CL 301709 -->
|
||
The Go DNS resolver now only sends one DNS query when resolving an address for an IPv4-only or IPv6-only network,
|
||
rather than querying for both address families.
|
||
</p>
|
||
|
||
<p><!-- CL 307030 -->
|
||
The <a href="/pkg/net/#ErrClosed"><code>ErrClosed</code></a> sentinel error and
|
||
<a href="/pkg/net/#ParseError"><code>ParseError</code></a> error type now implement
|
||
the <a href="/pkg/net/#Error"><code>net.Error</code></a> interface.
|
||
</p>
|
||
|
||
<p><!-- CL 325829 -->
|
||
The <a href="/pkg/net/#ParseIP"><code>ParseIP</code></a> and <a href="/pkg/net/#ParseCIDR"><code>ParseCIDR</code></a>
|
||
functions now reject IPv4 addresses which contain decimal components with leading zeros.
|
||
|
||
These components were always interpreted as decimal, but some operating systems treat them as octal.
|
||
This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses
|
||
which were then used in their original form with non-Go applications which interpreted components as octal. Generally,
|
||
it is advisable to always re-encode values after validation, which avoids this class of parser misalignment issues.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- net -->
|
||
|
||
<dl id="net/http"><dt><a href="/pkg/net/http/">net/http</a></dt>
|
||
<dd>
|
||
<p><!-- CL 295370 -->
|
||
The <a href="/pkg/net/http/"><code>net/http</code></a> package now uses the new
|
||
<a href="/pkg/crypto/tls#Conn.HandshakeContext"><code>(*tls.Conn).HandshakeContext</code></a>
|
||
with the <a href="/pkg/net/http/#Request"><code>Request</code></a> context
|
||
when performing TLS handshakes in the client or server.
|
||
</p>
|
||
|
||
<p><!-- CL 235437 -->
|
||
Setting the <a href="/pkg/net/http/#Server"><code>Server</code></a>
|
||
<code>ReadTimeout</code> or <code>WriteTimeout</code> fields to a negative value now indicates no timeout
|
||
rather than an immediate timeout.
|
||
</p>
|
||
|
||
<p><!-- CL 308952 -->
|
||
The <a href="/pkg/net/http/#ReadRequest"><code>ReadRequest</code></a> function
|
||
now returns an error when the request has multiple Host headers.
|
||
</p>
|
||
|
||
<p><!-- CL 313950 -->
|
||
When producing a redirect to the cleaned version of a URL,
|
||
<a href="/pkg/net/http/#ServeMux"><code>ServeMux</code></a> now always
|
||
uses relative URLs in the <code>Location</code> header. Previously it
|
||
would echo the full URL of the request, which could lead to unintended
|
||
redirects if the client could be made to send an absolute request URL.
|
||
</p>
|
||
|
||
<p><!-- CL 308009, CL 313489 -->
|
||
When interpreting certain HTTP headers handled by <code>net/http</code>,
|
||
non-ASCII characters are now ignored or rejected.
|
||
</p>
|
||
|
||
<p><!-- CL 325697 -->
|
||
If
|
||
<a href="/pkg/net/http/#Request.ParseForm"><code>Request.ParseForm</code></a>
|
||
returns an error when called by
|
||
<a href="/pkg/net/http/#Request.ParseMultipartForm"><code>Request.ParseMultipartForm</code></a>,
|
||
the latter now continues populating
|
||
<a href="/pkg/net/http/#Request.MultipartForm"><code>Request.MultipartForm</code></a>
|
||
before returning it.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- net/http -->
|
||
|
||
<dl id="net/http/httptest"><dt><a href="/pkg/net/http/httptest/">net/http/httptest</a></dt>
|
||
<dd>
|
||
<p><!-- CL 308950 -->
|
||
<a href="/pkg/net/http/httptest/#ResponseRecorder.WriteHeader"><code>ResponseRecorder.WriteHeader</code></a>
|
||
now panics when the provided code is not a valid three-digit HTTP status code.
|
||
This matches the behavior of <a href="/pkg/net/http/#ResponseWriter"><code>ResponseWriter</code></a>
|
||
implementations in the <a href="/pkg/net/http/"><code>net/http</code></a> package.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- net/http/httptest -->
|
||
|
||
<dl id="net/url"><dt><a href="/pkg/net/url/">net/url</a></dt>
|
||
<dd>
|
||
<p><!-- CL 314850 -->
|
||
The new method <a href="/pkg/net/url/#Values.Has"><code>Values.Has</code></a>
|
||
reports whether a query parameter is set.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- net/url -->
|
||
|
||
<dl id="os"><dt><a href="/pkg/os/">os</a></dt>
|
||
<dd>
|
||
<p><!-- CL 268020 -->
|
||
The <a href="/pkg/os/#File.WriteString"><code>File.WriteString</code></a> method
|
||
has been optimized to not make a copy of the input string.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- os -->
|
||
|
||
<dl id="reflect"><dt><a href="/pkg/reflect/">reflect</a></dt>
|
||
<dd>
|
||
<p><!-- CL 334669 -->
|
||
The new
|
||
<a href="/pkg/reflect/#Value.CanConvert"><code>Value.CanConvert</code></a>
|
||
method reports whether a value can be converted to a type.
|
||
This may be used to avoid a panic when converting a slice to an
|
||
array pointer type if the slice is too short.
|
||
Previously it was sufficient to use
|
||
<a href="/pkg/reflect/#Type.ConvertibleTo"><code>Type.ConvertibleTo</code></a>
|
||
for this, but the newly permitted conversion from slice to array
|
||
pointer type can panic even if the types are convertible.
|
||
</p>
|
||
|
||
<p><!-- CL 266197 -->
|
||
The new
|
||
<a href="/pkg/reflect/#StructField.IsExported"><code>StructField.IsExported</code></a>
|
||
and
|
||
<a href="/pkg/reflect/#Method.IsExported"><code>Method.IsExported</code></a>
|
||
methods report whether a struct field or type method is exported.
|
||
They provide a more readable alternative to checking whether <code>PkgPath</code>
|
||
is empty.
|
||
</p>
|
||
|
||
<p><!-- CL 281233 -->
|
||
The new <a href="/pkg/reflect/#VisibleFields"><code>VisibleFields</code></a> function
|
||
returns all the visible fields in a struct type, including fields inside anonymous struct members.
|
||
</p>
|
||
|
||
<p><!-- CL 284136 -->
|
||
The <a href="/pkg/reflect/#ArrayOf"><code>ArrayOf</code></a> function now panics when
|
||
called with a negative length.
|
||
</p>
|
||
|
||
<p><!-- CL 301652 -->
|
||
Checking the <a href="/pkg/reflect/#Type"><code>Type.ConvertibleTo</code></a> method
|
||
is no longer sufficient to guarantee that a call to
|
||
<a href="/pkg/reflect/#Value.Convert"><code>Value.Convert</code></a> will not panic.
|
||
It may panic when converting `[]T` to `*[N]T` if the slice's length is less than N.
|
||
See the <a href="#language">language changes</a> section above.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- reflect -->
|
||
|
||
<dl id="runtime/metrics"><dt><a href="/pkg/runtime/metrics">runtime/metrics</a></dt>
|
||
<dd>
|
||
<p><!-- CL 308933, CL 312431, CL 312909 -->
|
||
New metrics were added that track total bytes and objects allocated and freed.
|
||
A new metric tracking the distribution of goroutine scheduling latencies was
|
||
also added.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- runtime/metrics -->
|
||
|
||
<dl id="runtime/pprof"><dt><a href="/pkg/runtime/pprof">runtime/pprof</a></dt>
|
||
<dd>
|
||
<p><!-- CL 299991 -->
|
||
Block profiles are no longer biased to favor infrequent long events over
|
||
frequent short events.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- runtime/pprof -->
|
||
|
||
<dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
|
||
<dd>
|
||
<p><!-- CL 170079, CL 170080 -->
|
||
The <code>strconv</code> package now uses Ulf Adams's Ryū algorithm for formatting floating-point numbers.
|
||
This algorithm improves performance on most inputs and is more than 99% faster on worst-case inputs.
|
||
</p>
|
||
|
||
<p><!-- CL 314775 -->
|
||
The new <a href="/pkg/strconv/#QuotedPrefix"><code>QuotedPrefix</code></a> function
|
||
returns the quoted string (as understood by
|
||
<a href="/pkg/strconv/#Unquote"><code>Unquote</code></a>)
|
||
at the start of input.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- strconv -->
|
||
|
||
<dl id="strings"><dt><a href="/pkg/strings/">strings</a></dt>
|
||
<dd>
|
||
<p><!-- CL 280492 -->
|
||
The <a href="/pkg/strings/#Builder.WriteRune"><code>Builder.WriteRune</code></a> method
|
||
now writes the replacement character U+FFFD for negative rune values,
|
||
as it does for other invalid runes.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- strings -->
|
||
|
||
<dl id="sync/atomic"><dt><a href="/pkg/sync/atomic/">sync/atomic</a></dt>
|
||
<dd>
|
||
<p><!-- CL 241678 -->
|
||
<code>atomic.Value</code> now has <a href="/pkg/sync/atomic/#Value.Swap"><code>Swap</code></a> and
|
||
<a href="/pkg/sync/atomic/#Value.CompareAndSwap"><code>CompareAndSwap</code></a> methods that provide
|
||
additional atomic operations.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- sync/atomic -->
|
||
|
||
<dl id="syscall"><dt><a href="/pkg/syscall/">syscall</a></dt>
|
||
<dd>
|
||
<p><!-- CL 295371 -->
|
||
<p>
|
||
The <a href="/pkg/syscall/#GetQueuedCompletionStatus"><code>GetQueuedCompletionStatus</code></a> and
|
||
<a href="/pkg/syscall/#PostQueuedCompletionStatus"><code>PostQueuedCompletionStatus</code></a>
|
||
functions are now deprecated. These functions have incorrect signatures and are superseded by
|
||
equivalents in the <a href="https://godoc.org/golang.org/x/sys/windows"><code>golang.org/x/sys/windows</code></a> package.
|
||
</p>
|
||
|
||
<p><!-- CL 313653 -->
|
||
On Unix-like systems, the process group of a child process is now set with signals blocked.
|
||
This avoids sending a <code>SIGTTOU</code> to the child when the parent is in a background process group.
|
||
</p>
|
||
|
||
<p><!-- CL 288298, CL 288300 -->
|
||
The Windows version of
|
||
<a href="/pkg/syscall/#SysProcAttr"><code>SysProcAttr</code></a>
|
||
has two new fields. <code>AdditionalInheritedHandles</code> is
|
||
a list of additional handles to be inherited by the new child
|
||
process. <code>ParentProcess</code> permits specifying the
|
||
parent process of the new process.
|
||
|
||
<p><!-- CL 311570 -->
|
||
The constant <code>MSG_CMSG_CLOEXEC</code> is now defined on
|
||
DragonFly and all OpenBSD systems (it was already defined on
|
||
some OpenBSD systems and all FreeBSD, NetBSD, and Linux systems).
|
||
</p>
|
||
|
||
<p><!-- CL 315281 -->
|
||
The constants <code>SYS_WAIT6</code> and <code>WEXITED</code>
|
||
are now defined on NetBSD systems (<code>SYS_WAIT6</code> was
|
||
already defined on DragonFly and FreeBSD systems;
|
||
<code>WEXITED</code> was already defined on Darwin, DragonFly,
|
||
FreeBSD, Linux, and Solaris systems).
|
||
</p>
|
||
</dd>
|
||
</dl><!-- syscall -->
|
||
|
||
<dl id="testing"><dt><a href="/pkg/testing/">testing</a></dt>
|
||
<dd>
|
||
<p><!-- CL 310033 -->
|
||
Added a new <a href="/cmd/go/#hdr-Testing_flags">testing flag</a> <code>-shuffle</code> which controls the execution order of tests and benchmarks.
|
||
</p>
|
||
<p><!-- CL 260577 -->
|
||
The new
|
||
<a href="/pkg/testing/#T.Setenv"><code>T.Setenv</code></a>
|
||
and <a href="/pkg/testing/#B.Setenv"><code>B.Setenv</code></a>
|
||
methods support setting an environment variable for the duration
|
||
of the test or benchmark.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- testing -->
|
||
|
||
<dl id="text/template/parse"><dt><a href="/pkg/text/template/parse/">text/template/parse</a></dt>
|
||
<dd>
|
||
<p><!-- CL 301493 -->
|
||
The new <a href="/pkg/text/template/parse/#Mode"><code>SkipFuncCheck</code></a> <a href=><code>Mode</code></a>
|
||
value changes the template parser to not verify that functions are defined.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- text/template/parse -->
|
||
|
||
<dl id="time"><dt><a href="/pkg/time/">time</a></dt>
|
||
<dd>
|
||
<p><!-- CL 260858 -->
|
||
The <a href="/pkg/time/#Time"><code>Time</code></a> type now has a
|
||
<a href="/pkg/time/#Time.GoString"><code>GoString</code></a> method that
|
||
will return a more useful value for times when printed with the
|
||
<code>%#v</code> format specifier in the <code>fmt</code> package.
|
||
</p>
|
||
|
||
<p><!-- CL 264077 -->
|
||
The new <a href="/pkg/time/#Time.IsDST"><code>Time.IsDST</code></a> method can be used to check whether the time
|
||
is in Daylight Savings Time in its configured location.
|
||
</p>
|
||
|
||
<p><!-- CL 293349 -->
|
||
The new <a href="/pkg/time/#Time.UnixMilli"><code>Time.UnixMilli</code></a> and
|
||
<a href="/pkg/time/#Time.UnixMicro"><code>Time.UnixMicro</code></a>
|
||
methods return the number of milliseconds and microseconds elapsed since
|
||
January 1, 1970 UTC respectively.
|
||
<br />
|
||
The new <a href="/pkg/time/#UnixMilli"><code>UnixMilli</code></a> and
|
||
<a href="/pkg/time/#UnixMicro"><code>UnixMicro</code></a> functions
|
||
return the local <code>Time</code> corresponding to the given Unix time.
|
||
</p>
|
||
|
||
<p><!-- CL 300996 -->
|
||
The package now accepts comma "," as a separator for fractional seconds when parsing and formatting time.
|
||
The following time formats are now accepted:
|
||
<ul>
|
||
<li>2006-01-02 14:06:03,999999999 -0700 MST</li>
|
||
<li>Mon Jan _2 14:06:03,120007 2006</li>
|
||
<li>Mon Jan 2 14:06:03,120007 2006</li>
|
||
</ul>
|
||
</p>
|
||
|
||
<p><!-- CL 320252 -->
|
||
The new constant <a href="/pkg/time/#Layout"><code>Layout</code></a>
|
||
defines the reference time.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- time -->
|
||
|
||
<dl id="unicode"><dt><a href="/pkg/unicode/">unicode</a></dt>
|
||
<dd>
|
||
<p><!-- CL 280493 -->
|
||
The <a href="/pkg/unicode/#Is"><code>Is</code></a>,
|
||
<a href="/pkg/unicode/#IsGraphic"><code>IsGraphic</code></a>,
|
||
<a href="/pkg/unicode/#IsLetter"><code>IsLetter</code></a>,
|
||
<a href="/pkg/unicode/#IsLower"><code>IsLower</code></a>,
|
||
<a href="/pkg/unicode/#IsMark"><code>IsMark</code></a>,
|
||
<a href="/pkg/unicode/#IsNumber"><code>IsNumber</code></a>,
|
||
<a href="/pkg/unicode/#IsPrint"><code>IsPrint</code></a>,
|
||
<a href="/pkg/unicode/#IsPunct"><code>IsPunct</code></a>,
|
||
<a href="/pkg/unicode/#IsSpace"><code>IsSpace</code></a>,
|
||
<a href="/pkg/unicode/#IsSymbol"><code>IsSymbol</code></a>, and
|
||
<a href="/pkg/unicode/#IsUpper"><code>IsUpper</code></a> functions
|
||
now return <code>false</code> on negative rune values, as they do for other invalid runes.
|
||
</p>
|
||
</dd>
|
||
</dl><!-- unicode -->
|