[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-go-127-rc1-1264-security-fixes-zh":3,"article-related-go-127-rc1-1264-security-fixes-zh":31,"series-tools-11a1e847-ffc9-40e1-805f-dde2ce603858":76},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"11a1e847-ffc9-40e1-805f-dde2ce603858","go-127-rc1-1264-security-fixes-zh","Go 1.27 rc1 與 1.26.4 修補安全問題","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fgoogle\">Google\u003C\u002Fa> 釋出 Go 1.27 rc1 與 Go 1.26.4，這波更新補上多項安全問題，也同步提醒開發者測試 RC 與檢查 telemetry 設定。\u003C\u002Fp>\u003Cp>Google 在 2026 年 6 月 18 日推出 \u003Ca href=\"https:\u002F\u002Fgo.dev\u002Fdl\u002F#go1.27rc1\" target=\"_blank\" rel=\"noopener\">Go 1.27 release candidate 1\u003C\u002Fa>，並在 6 月 2 日發布 \u003Ca href=\"https:\u002F\u002Fgo.dev\u002Fdoc\u002Fdevel\u002Frelease#go1.26.4\" target=\"_blank\" rel=\"noopener\">Go 1.26.4\u003C\u002Fa> 與 \u003Ca href=\"https:\u002F\u002Fgo.dev\u002Fdoc\u002Fdevel\u002Frelease#go1.25.11\" target=\"_blank\" rel=\"noopener\">Go 1.25.11\u003C\u002Fa>。前者讓團隊先驗證新分支，後者則把安全修補帶回仍在維護中的版本線。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Go 1.27 RC1 發布日\u003C\u002Ftd>\u003Ctd>2026\u002F06\u002F18\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Go 1.26.4 \u002F 1.25.11 發布日\u003C\u002Ftd>\u003Ctd>2026\u002F06\u002F02\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Go telemetry 狀態\u003C\u002Ftd>\u003Ctd>Opt-in、open、anonymous\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Go 1.26.4 核心安全修補\u003C\u002Ftd>\u003Ctd>3 項\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>x\u002Fnet 安全問題\u003C\u002Ftd>\u003Ctd>5 項\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>x\u002Fcrypto 安全問題\u003C\u002Ftd>\u003Ctd>6 項以上\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>發生了什麼\u003C\u002Fh2>\u003Cp>這次更新分成兩條線：一條是新版本候選，另一條是舊版本維護。Go 1.27 rc1 可以透過一般下載頁取得，也能用 \u003Ccode>go install golang.org\u002Fdl\u002Fgo1.27rc1@latest\u003C\u002Fcode> 再執行 \u003Ccode>go1.27rc1 download\u003C\u002Fcode> 安裝。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782290885606-y0vf.png\" alt=\"Go 1.27 rc1 與 1.26.4 修補安全問題\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Google 也放出草案版 release notes，並請測試者把生產流量、單元測試與異常案例都跑過一輪。若在 RC 期間抓到問題，官方希望直接透過 Go tracker 回報，讓修正能趕上正式版。\u003C\u002Fp>\u003Cp>舊分支則同步收到維護更新。Go 1.26.4 與 Go 1.25.11 一共修了 3 項核心工具鏈安全問題，相關的 \u003Ca href=\"https:\u002F\u002Fpkg.go.dev\u002Fgolang.org\u002Fx\u002Fsys\" target=\"_blank\" rel=\"noopener\">golang.org\u002Fx\u002Fsys\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Fpkg.go.dev\u002Fgolang.org\u002Fx\u002Fnet\" target=\"_blank\" rel=\"noopener\">golang.org\u002Fx\u002Fnet\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Fpkg.go.dev\u002Fgolang.org\u002Fx\u002Fcrypto\" target=\"_blank\" rel=\"noopener\">golang.org\u002Fx\u002Fcrypto\u003C\u002Fa> 也各自更新。\u003C\u002Fp>\u003Cp>修補範圍很實際，幾乎都碰到日常服務會用到的路徑。包括 MIME header 解碼、net\u002Ftextproto 錯誤輸出、crypto\u002Fx509 hostname 檢查，還有 HTML 解析、XSS、idna 權限、SSH panic、constraint 處理與記憶體洩漏。\u003C\u002Fp>\u003Cul>\u003Cli>MIME header 在惡意輸入下不再出現平方級 CPU 消耗。\u003C\u002Fli>\u003Cli>textproto 錯誤訊息不再直接帶入攻擊者控制的原始文字。\u003C\u002Fli>\u003Cli>x509 hostname 檢查改為一次切分候選主機名，降低成本。\u003C\u002Fli>\u003Cli>x\u002Fnet 與 x\u002Fcrypto 補上多個安全缺口，涵蓋解析與 SSH 路徑。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>這波更新也把 telemetry 再次推到檯面上。官方說明它是 opt-in、\u003Ca href=\"\u002Fnews\u002Fopenai-q1-burn-25-billion-leak-zh\">open\u003C\u002Fa>、anonymous，並提到像 gopls 這類工具蒐集到的資料，已經用在先前的修正與調校。\u003C\u002Fp>\u003Ch2>為什麼重要\u003C\u002Fh2>\u003Cp>對開發者來說，這不是語言新功能的新聞，而是升級風險管理。只要你的服務會解析 MIME、驗證憑證、處理 SSH 或依賴 x\u002F* 套件，這些修補就\u003Ca href=\"\u002Fnews\u002Fstamer-resign-uk-politics-5-changes-zh\">可能\u003C\u002Fa>直接影響 production 的穩定性與攻擊面。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782290876944-nvdm.png\" alt=\"Go 1.27 rc1 與 1.26.4 修補安全問題\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>對團隊流程來說，RC 的價值在於把真實負載提早搬上來測。Go 的節奏一向是先在 x\u002F* 模組與 point release 補洞，再讓整個生態系決定依賴鎖定、CI 更新與 minor version 升級時點，這次也一樣。\u003C\u002Fp>\u003Cp>和等到正式版才反應相比，現在就測 Go 1.27 rc1，能更早看出相容性問題與效能回歸。對還卡在舊版的專案，Go 1.26.4 與 1.25.11 則提供一條更直接的補洞路徑。\u003C\u002Fp>\u003Cp>這次的\u003Ca href=\"\u002Fnews\u002Fsynergy-quantum-risc-v-quantum-safe-soc-ip-zh\">訊號\u003C\u002Fa>很清楚：先測 RC，再補點版，最後決定 telemetry 要不要開。你現在的 Go 供應鏈，真的已經跟上這一輪安全更新了嗎？\u003C\u002Fp>","Google 釋出 Go 1.27 rc1 與 Go 1.26.4，帶來安全修補與 telemetry 指引。這波更新涵蓋 MIME、x509、x\u002Fnet、x\u002Fcrypto 等常用元件。","releasebot.io","https:\u002F\u002Freleasebot.io\u002Fupdates\u002Fgoogle\u002Fgolang",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782290885606-y0vf.png","tools","zh","12b94d42-4411-4423-b114-7628c16b0403",[17,18,19,20,21,22],"Go","security fixes","release candidate","x\u002Fnet","x\u002Fcrypto","telemetry",[24,25,26],"Go 1.27 rc1 已上線，適合先做生產負載與單元測試驗證。","Go 1.26.4 與 1.25.11 同步修補核心工具鏈與多個 x\u002F* 套件安全問題。","這波更新的重點是降低 MIME、憑證、SSH 與解析路徑的風險。",0,"2026-06-24T08:47:33.359945+00:00","2026-06-24T08:47:33.351+00:00","05e97311-b970-4686-a46d-eb2994c51ded",{"tags":32,"relatedLang":35,"relatedPosts":39},[33],{"name":17,"slug":34},"go",{"id":15,"slug":36,"title":37,"language":38},"go-127-rc1-1264-security-fixes-en","Go 1.27 rc1 and 1.26.4 ship security fixes","en",[40,46,52,58,64,70],{"id":41,"slug":42,"title":43,"cover_image":44,"image_url":44,"created_at":45,"category":13},"fbdd88d7-87eb-485b-9608-766022fbebc5","codex-log-bug-write-ssd-fix-zh","Codex 日志寫爆 SSD 怎麼管","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782306223557-vqtp.png","2026-06-24T13:03:12.253113+00:00",{"id":47,"slug":48,"title":49,"cover_image":50,"image_url":50,"created_at":51,"category":13},"1ee0795f-3fbf-481a-b45d-8d28bd6b9dfa","open-source-agent-orchestrators-parallel-coding-autonomy-zh","開源 agent orchestrator 已能平行寫碼，但還不能全自動交付","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782292678436-u75w.png","2026-06-24T09:17:24.980287+00:00",{"id":53,"slug":54,"title":55,"cover_image":56,"image_url":56,"created_at":57,"category":13},"05f9fc54-03f5-456e-9afb-68bcde52f3d9","cursor-spacex-ai-coding-productization-zh","Cursor把AI編程寫成產品","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782277401593-t9xx.png","2026-06-24T05:02:57.192238+00:00",{"id":59,"slug":60,"title":61,"cover_image":62,"image_url":62,"created_at":63,"category":13},"197a41a1-b4c2-43de-920f-26ccea9ab860","dometrain-advanced-system-design-ops-template-zh","Dometrain 把系統設計變成營運模板","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782270211960-bo9a.png","2026-06-24T03:03:02.800408+00:00",{"id":65,"slug":66,"title":67,"cover_image":68,"image_url":68,"created_at":69,"category":13},"8100f1b0-a28b-4860-86fb-6c73a41ecd6c","cdns-stock-page-turns-noise-into-watchlist-zh","CDNS 頁面變成監控清單","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782268390133-iy9j.png","2026-06-24T02:32:49.699794+00:00",{"id":71,"slug":72,"title":73,"cover_image":74,"image_url":74,"created_at":75,"category":13},"684ec799-a705-4a79-b0fe-e48f759adf46","github-open-source-music-topic-shortlist-zh","GitHub 音樂主題頁把搜尋變名單","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782243211683-rnqs.png","2026-06-23T19:33:00.766925+00:00",[77,82,87,92,97,102,107,112,117,122],{"id":78,"slug":79,"title":80,"created_at":81},"855cd52f-6fab-46cc-a7c1-42195e8a0de4","surepath-real-time-mcp-policy-controls-zh","SurePath 推出即時 MCP 政策控管","2026-03-26T07:57:40.77233+00:00",{"id":83,"slug":84,"title":85,"created_at":86},"9b19ab54-edef-4dbd-9ce4-a51e4bae4ebb","mcp-in-2026-the-ai-tool-layer-teams-use-zh","2026 年 MCP：團隊真的在用的 AI 工具層","2026-03-26T08:01:46.589694+00:00",{"id":88,"slug":89,"title":90,"created_at":91},"af9c46c3-7a28-410b-9f04-32b3de30a68c","prompting-in-2026-what-actually-works-zh","2026 提示工程，真正有用的是什麼","2026-03-26T08:08:12.453028+00:00",{"id":93,"slug":94,"title":95,"created_at":96},"05553086-6ed0-4758-81fd-6cab24b575e0","garry-tan-open-sources-claude-code-toolkit-zh","Garry Tan 開源 Claude Code 工具包","2026-03-26T08:26:20.068737+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"042a73a2-18a2-433d-9e8f-9802b9559aac","github-ai-projects-to-watch-in-2026-zh","2026 必看 20 個 GitHub AI 專案","2026-03-26T08:28:09.619964+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"a5f94120-ac0d-4483-9a8b-63590071ac6a","claude-code-vs-cursor-2026-zh","Claude Code 與 Cursor 深度對比：202…","2026-03-26T13:27:14.279193+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"0975afa1-e0c7-4130-a20d-d890eaed995e","practical-github-guide-learning-ml-2026-zh","2026 機器學習入門 GitHub 實用指南","2026-03-27T01:16:49.712576+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"bfdb467a-290f-4a80-b3a9-6f081afb6dff","aiml-2026-student-ai-ml-lab-repo-review-zh","AIML-2026：像課綱的學生實驗 Repo","2026-03-27T01:21:51.467798+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"80cabc3e-09fc-4ff5-8f07-b8d68f5ae545","ai-trending-github-repos-and-research-feeds-zh","AI Trending：把 AI 資源收成一張表","2026-03-27T01:31:35.262183+00:00",{"id":123,"slug":124,"title":125,"created_at":126},"3ce6e6e2-bac5-463e-9f8d-45caabcc61f7","awesome-ai-for-science-research-tools-map-zh","AI 科研工具清單，開始像地圖了","2026-03-27T01:46:50.521945+00:00"]