Go 1.26.4 released
Read on Go Releases Stable Go release. See release notes for changes.
Issue #18
Go 1.26.4 and 1.25.11 ship with three stdlib security fixes
Go 1.26.4 and 1.25.11 are out, carrying three security fixes in the standard library, so updating takes priority over everything else in today's queue. On the proposal track, there's a thoughtful one to strip POST bodies and custom credential headers on cross-origin 307/308 redirects in net/http, which feels overdue, alongside an ARM64 SVE intrinsics proposal under GOEXPERIMENT for the SIMD-curious. And on the lighter side, someone has built a terminal clone of Settlers of Catan in Go, which is a reasonable use of an afternoon.
Wednesday, June 3, 2026 · Issue #18
🐿️ Go 1.26.4 and 1.25.11 ship with three stdlib security fixes
Go 1.26.4 and 1.25.11 are out, carrying three security fixes in the standard library, so updating takes priority over everything else in today's queue. On the proposal track, there's a thoughtful one to strip POST bodies and custom credential headers on cross-origin 307/308 redirects in net/http, which feels overdue, alongside an ARM64 SVE intrinsics proposal under GOEXPERIMENT for the SIMD-curious. And on the lighter side, someone has built a terminal clone of Settlers of Catan in Go, which is a reasonable use of an afternoon.
Releases 1
Proposals 3
proposal: cmd/go: go list -m should report VCS-derived version for the main module
Read on GitHub Background Since Go 1.24 ( 50603), go build stamps VCS-derived pseudo-versions into binaries. This version is readable after building via go version -
simd/archsimd: support ARM64 SVE SIMD intrinsics under a GOEXPERIMENT
Read on GitHub Proposal Details This is a proposal to introduce intrinsic support for ARM64 SVE (Scalable Vector Extension) instructions. It is a child proposal of 7
proposal: net/http: strip POST body and custom credential headers on cross-origin 307/308 redirects
Read on GitHub Proposal Details Background Go's net/http client currently strips a subset of sensitive headers ( Authorization , Cookie , Cookie2 , Www-Authenticate
Discussions 8
🌟 Go 1
Read on Mastodon 🌟 Go 1.26.4 and 1.25.11 are released! 🔐 Security: Includes 3 security fixes to the standard library. 📣 Announcement: https:// groups.google.com/g/golang-ann ounce/c/tKs3rmcBcKw/m/1ou-Xt7gAQAJ
Working with Money
Read on Reddit Hi, I have a small project to fetch and process my financial data and decided to learn Golang with it. To hold currency as a data type, I've seen the plentiful third party libraries that implement Dec
betteralign - detect and fix struct field alignment to reduce memory usage in Go programs
Read on Reddit It has been three years since I announced the initial release of betteralign, a tool that detects structs that could use less memory if their fields were reordered and can optionally rewrite them auto
facing challenges with interface
Read on Reddit Hey I am pretty new in golang but when I do work normally mostly use struct and then define methods with it and use interface untill there is a chances of grouping somehow. But when I use AI to genera
El Poblador is a fully functional clone of Settlers of Catan built entirely for
Read on Mastodon El Poblador is a fully functional clone of Settlers of Catan built entirely for the Linux terminal. Developed in Go by "vicho," the TUI game supports 3 to 4 local players on a shared keyboard and feat
Articles 5
I Rewrote My Go Notification Service in Rust. The Results Were Not What I Expected.
Read on Medium A few months ago, I had what I thought was a brilliant idea. Continue reading on Medium »
Introducing fuse: The Go Config Package I Built After Studying 1,200 Broken Setups
Read on Medium Every Go service I’ve worked on has a config/ directory with a default.toml and a dozen copies of it. Continue reading on Medium »
Building a Highly Concurrent, Dependency-Free Email DNS Auditor in Go
Read on Medium When you send or receive an email, a silent and complex dance of protocols happens entirely behind the scenes. Mechanisms like MX, SPF… Continue reading on Stackademic »
We Had Logs, Metrics, and Traces. We Still Couldn’t Debug Production
Read on Medium It was 2am. A payment service was failing intermittently and creeping toward a 0.5% error rate. Continue reading on Stackademic »
Inside Go’s Official pkg.go.dev API & MCP Support
Read on Medium Historically, Go developers, IDE integrations, and automated software workflows relied on fragile, unstructured workarounds such as web… Continue reading on Medium »
Videos 5
playing with fractals #art #indiemexicano #indiemusic #drawing #coding #electronicmusic #golang
Read on YouTube idk, im shy(=she hacked you) fill up my hearts:
Generate OpenAPI for Golang project using UI with apispecui
Read on YouTube apispec analyzes your Go source and generates an OpenAPI 3.1 spec — straight from the code, with no comments or ...
Pointers felt cleaner once the service boundary was obvious #Shorts
Read on YouTube Pointers felt cleaner once the service boundary was obvious. Day 12/90. GoLang LearnGo SoftwareEngineering ...
Database migrations felt cleaner once the service boundary was obvious #Shorts
Read on YouTube Database migrations felt cleaner once the service boundary was obvious. Day 12/60. GoLang Backend APIs ...
PostgreSQL with Go felt cleaner once the service boundary was obvious #Shorts
Read on YouTube PostgreSQL with Go felt cleaner once the service boundary was obvious. Day 11/60. GoLang Backend APIs ...
Trending 5
sartoopjj/thefeed
Read on GitHub Trending DNS-based feed reader for Telegram channels and public X accounts. Designed for environments where only DNS queries work.
googleapis/mcp-toolbox
Read on GitHub Trending MCP Toolbox for Databases is an open source MCP server for databases.
moby/moby
Read on GitHub Trending The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
cloudnative-pg/cloudnative-pg
Read on GitHub Trending CloudNativePG is a comprehensive platform designed to seamlessly manage PostgreSQL databases within Kubernetes environments, covering the entire operational lifecycle from initial deployment to ongoin
Security 2
Arbitrary inputs are included in errors without any escaping in net/textproto
Read on Go Vulnerabilities When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logg
Inefficient candidate hostname parsing in crypto/x509
Read on Go Vulnerabilities ( x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the sam
Jobs 5
GC
Read on Golang.cafe 
we are hiring remote Software Developers to help train next-generation AI systems.Contract, remote, $60–$110/hr, 100 openings.
Read on HN Who's Hiring we are looking for developers with 1+ years of hands-on experience in one or more of:Python, Rust, Go, Java, Node.js, full-stack development, Android, or iOS.No prior AI experience is required. The wo
Bubblehouse | Integration Engineer | FULLY REMOTE | $70–110k/yr | Full-timeWe're a fast-growing custom & private loyalty platform...
Read on HN Who's Hiring powering programs for household-name brands. Small, fully-remote team across the US and Europe.We want a detail-obsessed, autonomous mid-to-senior engineer ( 5–10 yrs) to investigate customer proble
Elucid | Principal Platform Engineer | Boston, MA | ONSITE (hybrid) | $170k–$205k...
Read on HN Who's Hiring https://elucid.applytojob.com/apply/BHpChxSggM/Principal-Pla...Elucid builds FDA-cleared AI software that analyzes cardiac CT scans to characterize plaque and predict heart attack and stroke risk. The
Kong | Senior Software Engineer, Kong Identity | Toronto, Canada | CA$145K–215KI'm a Staff Engineer on Kong's Identity team. We're...
Read on HN Who's Hiring hiring a Senior Software Engineer to help build the identity platform behind Konnect.The team owns authentication and authorization services, OAuth 2.0 / OpenID Connect infrastructure, token issuance
Get the digest in your inbox
The best Go stories from across the community, ranked and delivered weekday mornings. Free, no spam.