The Go Blog 19 January 2021 Today’s Go security release fixes an issue involving PATH lookups in untrusted directories that can lead to remote execution during the go get command. We expect people to have questions about what exactly this means and whether they might have issues in their own programs. This post details the bug, the fixes we have applied, how to decide whether your own programs are vulnerable to similar problems, and what you can do if they are. Go command & remote execution go command is that most commands – including go go list – do not run arbitrary code downloaded from the internet.