<!--{
	"Title": "Go 1.17 Release Notes",
	"Path":  "/doc/go1.17"
}-->

<!--
NOTE: In this document and others in this directory, the convention is to
set fixed-width phrases with non-fixed-width spaces, as in
<code>hello</code> <code>world</code>.
Do not send CLs removing the interior tags from such phrases.
-->

<style>
  main ul li { margin: 0.5em 0; }
</style>

<h2 id="introduction">DRAFT RELEASE NOTES — Introduction to Go 1.17</h2>

<p>
  <strong>
    Go 1.17 is not yet released. These are work-in-progress
    release notes. Go 1.17 is expected to be released in August 2021.
  </strong>
</p>

<h2 id="language">Changes to the language</h2>

<p>
  Go 1.17 includes three small enhancements to the language.
</p>

<ul>
  <li><!-- CL 216424; issue 395 -->
    <a href="/ref/spec#Conversions_from_slice_to_array_pointer">Conversions
    from slice to array pointer</a>: An expression <code>s</code> of
    type <code>[]T</code> may now be converted to array pointer type
    <code>*[N]T</code>. If <code>a</code> is the result of such a
    conversion, then corresponding indices that are in range refer to
    the same underlying elements: <code>&amp;a[i] == &amp;s[i]</code>
    for <code>0 &lt;= i &lt; N</code>. The conversion panics if
    <code>len(s)</code> is less than <code>N</code>.
  </li>

  <li><!-- CL 312212; issue 40481 -->
    <a href="/pkg/unsafe#Add"><code>unsafe.Add</code></a>:
    <code>unsafe.Add(ptr, len)</code> adds <code>len</code>
    to <code>ptr</code> and returns the updated pointer
    <code>unsafe.Pointer(uintptr(ptr) + uintptr(len))</code>.
  </li>

  <li><!-- CL 312212; issue 19367 -->
    <a href="/pkg/unsafe#Slice"><code>unsafe.Slice</code></a>:
    For expression <code>ptr</code> of type <code>*T</code>,
    <code>unsafe.Slice(ptr, len)</code> returns a slice of
    type <code>[]T</code> whose underlying array starts
    at <code>ptr</code> and whose length and capacity
    are <code>len</code>.
  </li>
</ul>

<p>
  These enhancements were added to simplify writing code that conforms
  to <code>unsafe.Pointer</code>'s <a href="/pkg/unsafe/#Pointer">safety
  rules</a>, but the rules remain unchanged. In particular, existing
  programs that correctly use <code>unsafe.Pointer</code> remain
  valid, and new programs must still follow the rules when
  using <code>unsafe.Add</code> or <code>unsafe.Slice</code>.
</p>


<p>
  Note that the new conversion from slice to array pointer is the
  first case in which a type conversion can panic at run time.
  Analysis tools that assume type conversions can never panic
  should be updated to consider this possibility.
</p>

<h2 id="ports">Ports</h2>

<h3 id="darwin">Darwin</h3>

<p><!-- golang.org/issue/23011 -->
  As <a href="go1.16#darwin">announced</a> in the Go 1.16 release
  notes, Go 1.17 requires macOS 10.13 High Sierra or later; support
  for previous versions has been discontinued.
</p>

<h3 id="windows">Windows</h3>

<p><!-- golang.org/issue/36439 -->
  Go 1.17 adds support of 64-bit ARM architecture on Windows (the
  <code>windows/arm64</code> port). This port supports cgo.
</p>

<h3 id="openbsd">OpenBSD</h3>

<p><!-- golang.org/issue/43005 -->
  The 64-bit MIPS architecture on OpenBSD (the <code>openbsd/mips64</code>
  port) now supports cgo.
</p>

<p><!-- golang.org/issue/36435 -->
  In Go 1.16, on the 64-bit x86 and 64-bit ARM architectures on
  OpenBSD (the <code>openbsd/amd64</code> and <code>openbsd/arm64</code>
  ports) system calls are made through <code>libc</code>, instead
  of directly using machine instructions. In Go 1.17, this is also
  done on the 32-bit x86 and 32-bit ARM architectures on OpenBSD
  (the <code>openbsd/386</code> and <code>openbsd/arm</code> ports).
  This ensures forward-compatibility with future versions of
  OpenBSD, in particular, with OpenBSD 6.9 onwards, which requires
  system calls to be made through <code>libc</code> for non-static
  Go binaries.
</p>

<h3 id="arm64">ARM64</h3>

<p><!-- CL 288814 -->
  Go programs now maintain stack frame pointers on the 64-bit ARM
  architecture on all operating systems. Previously it maintained
  stack frame pointers only on Linux, macOS, and iOS.
</p>

<h2 id="tools">Tools</h2>

<h3 id="go-command">Go command</h3>

<h4 id="lazy-loading">Lazy module loading</h4>

<p><!-- golang.org/issue/36460 -->
  If a module specifies <code>go</code> <code>1.17</code> or higher in its
  <code>go.mod</code> file, its transitive requirements are now loaded lazily,
  avoiding the need to download or read <code>go.mod</code> files for
  otherwise-irrelevant dependencies. To support lazy loading, in Go 1.17 modules
  the <code>go</code> command maintains <em>explicit</em> requirements in
  the <code>go.mod</code> file for every dependency that provides any package
  transitively imported by any package or test within the module.
  See <a href="https://golang.org/design/36460-lazy-module-loading">the design
  document</a> for more detail.
  <!-- TODO(bcmills): replace the design-doc link with proper documentation. -->
</p>

<p><!-- golang.org/issue/45965 -->
  Because the number of additional explicit requirements in the go.mod file may
  be substantial, in a Go 1.17 module the newly-added requirements
  on <em>indirect</em> dependencies are maintained in a
  separate <code>require</code> block from the block containing direct
  dependencies.
</p>

<p><!-- golang.org/issue/45094 -->
  To facilitate the upgrade to lazy loading, the
  <code>go</code> <code>mod</code> <code>tidy</code> subcommand now supports
  a <code>-go</code> flag to set or change the <code>go</code> version in
  the <code>go.mod</code> file. To enable lazy loading for an existing module
  without changing the selected versions of its dependencies, run:
</p>

<pre>
  go mod tidy -go=1.17
</pre>

<p><!-- golang.org/issue/46141 -->
  By default, <code>go</code> <code>mod</code> <code>tidy</code> verifies that
  the selected versions of dependencies relevant to the main module are the same
  versions that would be used by the prior Go release (Go 1.16 for a module that
  spsecifies <code>go</code> <code>1.17</code>), and preserves
  the <code>go.sum</code> entries needed by that release even for dependencies
  that are not normally needed by other commands.
</p>

<p>
  The <code>-compat</code> flag allows that version to be overridden to support
  older (or only newer) versions, up to the version specified by
  the <code>go</code> directive in the <code>go.mod</code> file. To tidy
  a <code>go</code> <code>1.17</code> module for Go 1.17 only, without saving
  checksums for (or checking for consistency with) Go 1.16:
</p>

<pre>
  go mod tidy -compat=1.17
</pre>

<p>
  Note that even if the main module is tidied with <code>-compat=1.17</code>,
  users who <code>require</code> the module from a
  <code>go</code> <code>1.16</code> or earlier module will still be able to
  use it, provided that the packages use only compatible language and library
  features.
</p>

<h4 id="module-deprecation-comments">Module deprecation comments</h4>

<p><!-- golang.org/issue/40357 -->
  Module authors may deprecate a module by adding a
  <a href="/ref/mod#go-mod-file-module-deprecation"><code>// Deprecated:</code>
  comment</a> to <code>go.mod</code>, then tagging a new version.
  <code>go</code> <code>get</code> now prints a warning if a module needed to
  build packages named on the command line is deprecated. <code>go</code>
  <code>list</code> <code>-m</code> <code>-u</code> prints deprecations for all
  dependencies (use <code>-f</code> or <code>-json</code> to show the full
  message). The <code>go</code> command considers different major versions to
  be distinct modules, so this mechanism may be used, for example, to provide
  users with migration instructions for a new major version.
</p>

<h4 id="go-get"><code>go</code> <code>get</code></h4>

<p><!-- golang.org/issue/37519 -->
  The <code>go</code> <code>get</code> <code>-insecure</code> flag is
  deprecated and has been removed. To permit the use of insecure schemes
  when fetching dependencies, please use the <code>GOINSECURE</code>
  environment variable. The <code>-insecure</code> flag also bypassed module
  sum validation, use <code>GOPRIVATE</code> or <code>GONOSUMDB</code> if
  you need that functionality. See <code>go</code> <code>help</code>
  <code>environment</code> for details.
</p>

<h4 id="missing-go-directive"><code>go.mod</code> files missing <code>go</code> directives</h4>

<p><!-- golang.org/issue/44976 -->
  If the main module's <code>go.mod</code> file does not contain
  a <a href="/doc/modules/gomod-ref#go"><code>go</code> directive</a> and
  the <code>go</code> command cannot update the <code>go.mod</code> file, the
  <code>go</code> command now assumes <code>go 1.11</code> instead of the
  current release. (<code>go</code> <code>mod</code> <code>init</code> has added
  <code>go</code> directives automatically <a href="/doc/go1.12#modules">since
  Go 1.12</a>.)
</p>

<p><!-- golang.org/issue/44976 -->
  If a module dependency lacks an explicit <code>go.mod</code> file, or
  its <code>go.mod</code> file does not contain
  a <a href="/doc/modules/gomod-ref#go"><code>go</code> directive</a>,
  the <code>go</code> command now assumes <code>go 1.16</code> for that
  dependency instead of the current release. (Dependencies developed in GOPATH
  mode may lack a <code>go.mod</code> file, and
  the <code>vendor/modules.txt</code> has to date never recorded
  the <code>go</code> versions indicated by dependencies' <code>go.mod</code>
  files.)
</p>

<h4 id="vendor"><code>vendor</code> contents</h4>

<p><!-- golang.org/issue/36876 -->
  If the main module specifies <code>go</code> <code>1.17</code> or higher,
  <code>go</code> <code>mod</code> <code>vendor</code> now annotates
  <code>vendor/modules.txt</code> with the <code>go</code> version indicated by
  each vendored module in its own <code>go.mod</code> file. The annotated
  version is used when building the module's packages from vendored source code.
</p>

<p><!-- golang.org/issue/42970 -->
  If the main module specifies <code>go</code> <code>1.17</code> or higher,
  <code>go</code> <code>mod</code> <code>vendor</code> now omits <code>go.mod</code>
  and <code>go.sum</code> files for vendored dependencies, which can otherwise
  interfere with the ability of the <code>go</code> command to identify the correct
  module root when invoked within the <code>vendor</code> tree.
</p>

<h4 id="password-prompts">Password prompts</h4>

<p><!-- golang.org/issue/44904 -->
  The <code>go</code> command by default now suppresses SSH password prompts and
  Git Credential Manager prompts when fetching Git repositories using SSH, as it
  already did previously for other Git password prompts. Users authenticating to
  private Git repos with password-protected SSH may configure
  an <code>ssh-agent</code> to enable the <code>go</code> command to use
  password-protected SSH keys.
</p>

<h4 id="go-mod-download"><code>go</code> <code>mod</code> <code>download</code></h4>

<p><!-- golang.org/issue/45332 -->
  When <code>go</code> <code>mod</code> <code>download</code> is invoked without
  arguments, it will no longer save sums for downloaded module content to
  <code>go.sum</code>. It may still make changes to <code>go.mod</code> and
  <code>go.sum</code> needed to load the build list. This is the same as the
  behavior in Go 1.15. To save sums for all modules, use <code>go</code>
  <code>mod</code> <code>download</code> <code>all</code>.
</p>

<h4 id="build-lines"><code>//go:build</code> lines</h4>

<p>
  The <code>go</code> command now understands <code>//go:build</code> lines
  and prefers them over <code>// +build</code> lines. The new syntax uses
  boolean expressions, just like Go, and should be less error-prone.
  As of this release, the new syntax is fully supported, and all Go files
  should be updated to have both forms with the same meaning. To aid in
  migration, <a href="#gofmt"><code>gofmt</code></a> now automatically
  synchronizes the two forms. For more details on the syntax and migration plan,
  see
  <a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
</p>

<h3 id="gofmt"><code>gofmt</code></h3>
  <code>gofmt</code> (and <code>go</code> <code>fmt</code>) now synchronizes
  <code>//go:build</code> lines with <code>// +build</code> lines. If a file
  only has <code>// +build</code> lines, they will be moved to the appropriate
  location in the file, and matching <code>//go:build</code> lines will be
  added. Otherwise, <code>// +build</code> lines will be overwritten based on
  any existing <code>//go:build</code> lines. For more information, see
  <a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
</h3>

<h3 id="vet">Vet</h3>

<h4 id="vet-buildtags">New warning for mismatched <code>//go:build</code> and <code>// +build</code> lines</h4>

<p><!-- CL 240609 -->
  The <code>vet</code> tool now verifies that <code>//go:build</code> and
  <code>// +build</code> lines are in the correct part of the file and
  synchronized with each other. If they aren't,
  <a href="#gofmt"><code>gofmt</code></a> can be used to fix them. For more
  information, see
  <a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
</p>

<h4 id="vet-sigchanyzer">New warning for calling <code>signal.Notify</code> on unbuffered channels</h4>

<p><!-- CL 299532 -->
  The vet tool now warns about calls to <a href="/pkg/os/signal/#Notify">signal.Notify</a>
  with incoming signals being sent to an unbuffered channel. Using an unbuffered channel
  risks missing signals sent on them as <code>signal.Notify</code> does not block when
  sending to a channel. For example:
</p>

<pre>
c := make(chan os.Signal)
// signals are sent on c before the channel is read from.
// This signal may be dropped as c is unbuffered.
signal.Notify(c, os.Interrupt)
</pre>

<p>
  Users of <code>signal.Notify</code> should use channels with sufficient buffer space to keep up with the
  expected signal rate.
</p>

<h4 id="vet-error-stdmethods">New warnings for Is, As and Unwrap methods</h4>

<p><!-- CL 321389 -->
  The vet tool now warns about methods named <code>As</code>, <code>Is</code> or <code>Unwrap</code>
  on types implementing the <code>error</code> interface that have a different signature than the
  one expected by the <code>errors</code> package. The <code>errors.{As,Is,Unwrap}</code> functions
  expect such methods to implement either <code>Is(error)</code> <code>bool</code>,
  <code>As(interface{})</code> <code>bool</code>, or <code>Unwrap()</code> <code>error</code>
  respectively. The functions <code>errors.{As,Is,Unwrap}</code> will ignore methods with the same
  names but a different signature. For example:
</p>

<pre>
type MyError struct { hint string }
func (m MyError) Error() string { ... } // MyError implements error.
func (MyError) Is(target interface{}) bool { ... } // target is interface{} instead of error.
func Foo() bool {
	x, y := MyError{"A"}, MyError{"B"}
	return errors.Is(x, y) // returns false as x != y and MyError does not have an `Is(error) bool` function.
}
</pre>

<h3 id="cover">Cover</h3>

<p><!-- CL 249759 -->
  The <code>cover</code> tool now uses an optimized parser
  from <code>golang.org/x/tools/cover</code>, which may be noticeably faster
  when parsing large coverage profiles.
</p>

<h2 id="compiler">Compiler</h2>

<p><!-- golang.org/issue/40724 -->
  Go 1.17 implements a new way of passing function arguments and results using
  registers instead of the stack. This work is enabled for Linux, MacOS, and
  Windows on the 64-bit x86 architecture (the <code>linux/amd64</code>,
  <code>darwin/amd64</code>, <code>windows/amd64</code> ports). For a
  representative set of Go  packages and programs, benchmarking has shown
  performance improvements of about 5%, and a typical reduction in binary size
  of about 2%.
</p>

<p>
  This change does not affect the functionality of any safe Go code. It can affect
  code outside the <a href="/doc/go1compat">compatibility guidelines</a> with
  minimal impact. To maintain compatibility with existing assembly functions,
  adapter functions converting between the new register-based calling convention
  and the previous stack-based calling convention (also known as ABI wrappers)
  are sometimes used. This is mostly invisible to users, except for assembly
  functions that have their addresses taken in Go. Using <code>reflect.ValueOf(fn).Pointer()</code>
  (or similar approaches such as via <code>unsafe.Pointer</code>) to get the address
  of an assembly function will now return the address of the ABI wrapper. This is
  mostly harmless, except for special-purpose assembly code (such as accessing
  thread-local storage or requiring a special stack alignment). Assembly functions
  called indirectly from Go via <code>func</code> values will now be made through
  ABI wrappers, which may cause a very small performance overhead. Also, calling
  Go functions from assembly may now go through ABI wrappers, with a very small
  performance overhead.
</p>

<p><!-- CL 304470 -->
  The format of stack traces from the runtime (printed when an uncaught panic
  occurs, or when <code>runtime.Stack</code> is called) is improved. Previously,
  the function arguments were printed as hexadecimal words based on the memory
  layout. Now each argument in the source code is printed separately, separated
  by commas. Aggregate-typed (struct, array, string, slice, interface, and complex)
  arguments are delimited by curly braces. A caveat is that the value of an
  argument that only lives in a register and is not stored to memory may be
  inaccurate. Results (which were usually inaccurate) are no longer printed.
</p>

<p><!-- CL 283112, golang.org/issue/28727 -->
  Functions containing closures can now be inlined. One effect of this change is
  that a function with a closure may actually produce a distinct closure function
  for each place that the function is inlined. Hence, this change could reveal
  bugs where Go functions are compared (incorrectly) by pointer value. Go
  functions are by definition not comparable.
</p>

<h2 id="library">Core library</h2>

<h3 id="runtime/cgo"><a href="/pkg/runtime/cgo">Cgo</a></h3>

<p>
  The <a href="/pkg/runtime/cgo">runtime/cgo</a> package now provides a
  new facility that allows to turn any Go values to a safe representation
  that can be used to pass values between C and Go safely. See
  <a href="/pkg/runtime/cgo#Handle">runtime/cgo.Handle</a> for more information.
</p>

<h3 id="minor_library_changes">Minor changes to the library</h3>

<p>
  As always, there are various minor changes and updates to the library,
  made with the Go 1 <a href="/doc/go1compat">promise of compatibility</a>
  in mind.
</p>

<dl id="archive/zip"><dt><a href="/pkg/archive/zip/">archive/zip</a></dt>
  <dd>
    <p><!-- CL 312310 -->
      The new methods <a href="/pkg/archive/zip#File.OpenRaw"><code>File.OpenRaw</code></a>, <a href="/pkg/archive/zip#Writer.CreateRaw"><code>Writer.CreateRaw</code></a>, <a href="/pkg/archive/zip#Writer.Copy"><code>Writer.Copy</code></a> provide support for cases where performance is a primary concern.
    </p>
  </dd>
</dl><!-- archive/zip -->

<dl id="bufio"><dt><a href="/pkg/bufio/">bufio</a></dt>
  <dd>
    <p><!-- CL 280492 -->
      The <a href="/pkg/bufio/#Writer.WriteRune"><code>Writer.WriteRune</code></a> method
      now writes the replacement character U+FFFD for negative rune values,
      as it does for other invalid runes.
    </p>
  </dd>
</dl><!-- bufio -->

<dl id="bytes"><dt><a href="/pkg/bytes/">bytes</a></dt>
  <dd>
    <p><!-- CL 280492 -->
      The <a href="/pkg/bytes/#Buffer.WriteRune"><code>Buffer.WriteRune</code></a> method
      now writes the replacement character U+FFFD for negative rune values,
      as it does for other invalid runes.
    </p>
  </dd>
</dl><!-- bytes -->

<dl id="compress/lzw"><dt><a href="/pkg/compress/lzw/">compress/lzw</a></dt>
  <dd>
    <p><!-- CL 273667 -->
      The <a href="/pkg/compress/lzw/#NewReader"><code>NewReader</code></a>
      function is guaranteed to return a value of the new
      type <a href="/pkg/compress/lzw/#Reader"><code>Reader</code></a>,
      and similarly <a href="/pkg/compress/lzw/#NewWriter"><code>NewWriter</code></a>
      is guaranteed to return a value of the new
      type <a href="/pkg/compress/lzw/#Writer"><code>Writer</code></a>.
      These new types both implement a <code>Reset</code> method
      (<a href="/pkg/compress/lzw/#Reader.Reset"><code>Reader.Reset</code></a>,
      <a href="/pkg/compress/lzw/#Writer.Reset"><code>Writer.Reset</code></a>)
      that allows reuse of the <code>Reader</code> or <code>Writer</code>.
    </p>
  </dd>
</dl><!-- compress/lzw -->

<dl id="crypto/ed25519"><dt><a href="/pkg/crypto/ed25519/">crypto/ed25519</a></dt>
  <dd>
    <p><!-- CL 276272 -->
      The <code>crypto/ed25519</code> package has been rewritten, and all
      operations are now approximately twice as fast on amd64 and arm64.
      The observable behavior has not otherwise changed.
    </p>
  </dd>
</dl><!-- crypto/ed25519 -->

<dl id="crypto/elliptic"><dt><a href="/pkg/crypto/elliptic/">crypto/elliptic</a></dt>
  <dd>
    <p><!-- CL 233939 -->
      <a href="/pkg/crypto/elliptic#CurveParams"><code>CurveParams</code></a>
      methods now automatically invoke faster and safer dedicated
      implementations for known curves (P-224, P-256, and P-521) when
      available. Note that this is a best-effort approach and applications
      should avoid using the generic, not constant-time <code>CurveParams</code>
      methods and instead use dedicated
      <a href="/pkg/crypto/elliptic#Curve"><code>Curve</code></a> implementations
      such as <a href="/pkg/crypto/elliptic#P256"><code>P256</code></a>.
    </p>

    <p><!-- CL 315271, CL 315274 -->
      The <a href="/pkg/crypto/elliptic#P521"><code>P521</code></a> curve
      implementation has been rewritten using code generated by the
      <a href="https://github.com/mit-plv/fiat-crypto">fiat-crypto project</a>,
      which is based on a formally-verified model of the arithmetic
      operations. It is now constant-time and three times faster on amd64 and
      arm64. The observable behavior has not otherwise changed.
    </p>
  </dd>
</dl><!-- crypto/elliptic -->

<dl id="crypto/rand"><dt><a href="/pkg/crypto/rand/">crypto/rand</a></dt>
  <dd>
    <p><!-- CL 302489, CL 299134, CL 269999 -->
      The <code>crypto/rand</code> package now uses the <code>getentropy</code>
      syscall on macOS and the <code>getrandom</code> syscall on Solaris,
      Illumos, and DragonFlyBSD.
    </p>
  </dd>
</dl><!-- crypto/rand -->

<dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
  <dd>
    <p><!-- CL 295370 -->
      The new <a href="/pkg/crypto/tls#Conn.HandshakeContext"><code>Conn.HandshakeContext</code></a>
      method allows the user to control cancellation of an in-progress TLS
      handshake. The provided context is accessible from various callbacks through the new
      <a href="/pkg/crypto/tls#ClientHelloInfo.Context"><code>ClientHelloInfo.Context</code></a> and
      <a href="/pkg/crypto/tls#CertificateRequestInfo.Context"><code>CertificateRequestInfo.Context</code></a>
      methods. Canceling the context after the handshake has finished has no effect.
    </p>

    <p><!-- CL 289209 -->
      When <a href="/pkg/crypto/tls#Config.NextProtos"><code>Config.NextProtos</code></a>
      is set, servers now enforce that there is an overlap between the
      configured protocols and the protocols advertised by the client, if any.
      If there is no overlap the connection is closed with the
      <code>no_application_protocol</code> alert, as required by RFC 7301.
    </p>

    <p><!-- CL 314609 -->
      Cipher suite ordering is now handled entirely by the
      <code>crypto/tls</code> package. Currently, cipher suites are sorted based
      on their security, performance, and hardware support taking into account
      both the local and peer's hardware. The order of the
      <a href="/pkg/crypto/tls#Config.CipherSuites"><code>Config.CipherSuites</code></a>
      field is now ignored, as well as the
      <a href="/pkg/crypto/tls#Config.PreferServerCipherSuites"><code>Config.PreferServerCipherSuites</code></a>
      field. Note that <code>Config.CipherSuites</code> still allows
      applications to choose what TLS 1.0–1.2 cipher suites to enable.
    </p>

    <p>
      The 3DES cipher suites have been moved to
      <a href="/pkg/crypto/tls#InsecureCipherSuites"><code>InsecureCipherSuites</code></a>
      due to <a href="https://sweet32.info/">fundamental block size-related
      weakness</a>. They are still enabled by default but only as a last resort,
      thanks to the cipher suite ordering change above.
    </p>
  </dd>
</dl><!-- crypto/tls -->

<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
  <dd>
    <p><!-- CL 224157 -->
      <a href="/pkg/crypto/x509/#CreateCertificate"><code>CreateCertificate</code></a>
      now returns an error if the provided private key doesn't match the
      parent's public key, if any. The resulting certificate would have failed
      to verify.
    </p>

    <p><!-- CL 315209 -->
      The temporary <code>GODEBUG=x509ignoreCN=0</code> flag has been removed.
    </p>

    <p><!-- CL 274234 -->
      <a href="/pkg/crypto/x509/#ParseCertificate"><code>ParseCertificate</code></a>
      has been rewritten, and now consumes ~70% fewer resources. The observable
      behavior has not otherwise changed, except for error messages.
    </p>

    <p><!-- CL 321190 -->
      On BSD systems, <code>/etc/ssl/certs</code> is now searched for trusted
      roots. This adds support for the new system trusted certificate store in
      FreeBSD 12.2+.
    </p>
  </dd>
</dl><!-- crypto/x509 -->

<dl id="database/sql"><dt><a href="/pkg/database/sql/">database/sql</a></dt>
  <dd>
    <p><!-- CL 258360 -->
      The <a href="/pkg/database/sql/#DB.Close"><code>DB.Close</code></a> method now closes
      the <code>connector</code> field if the type in this field implements the
      <a href="/pkg/io/#Closer"><code>io.Closer</code></a> interface.
    </p>

    <p><!-- CL 311572 -->
      The new
      <a href="/pkg/database/sql/#NullInt16"><code>NullInt16</code></a> 
      and 
      <a href="/pkg/database/sql/#NullByte"><code>NullByte</code></a> 
      structs represent the int16 and byte values that may be null. These can be used as
      destinations of the <a href="/pkg/database/sql/#Scan"><code>Scan</code></a> method,
      similar to NullString.
    </p>
  </dd>
</dl><!-- database/sql -->

<dl id="debug/elf"><dt><a href="/pkg/debug/elf/">debug/elf</a></dt>
  <dd>
    <p><!-- CL 239217 -->
      The <a href="/pkg/debug/elf/#SHT_MIPS_ABIFLAGS"><code>SHT_MIPS_ABIFLAGS</code></a>
      constant has been added.
    </p>
  </dd>
</dl><!-- debug/elf -->

<dl id="encoding/binary"><dt><a href="/pkg/encoding/binary/">encoding/binary</a></dt>
  <dd>
    <p><!-- CL 299531 -->
      <code>binary.Uvarint</code> will stop reading after <code>10 bytes</code> to avoid
      wasted computations. If more than <code>10 bytes</code> are needed, the byte count returned is <code>-11</code>.
      <br />
      Previous Go versions could return larger negative counts when reading incorrectly encoded varints.
    </p>
  </dd>
</dl><!-- encoding/binary -->

<dl id="encoding/csv"><dt><a href="/pkg/encoding/csv/">encoding/csv</a></dt>
  <dd>
    <p><!-- CL 291290 -->
      The new
      <a href="/pkg/encoding/csv/#Reader.FieldPos"><code>Reader.FieldPos</code></a>
      method returns the line and column corresponding to the start of
      a given field in the record most recently returned by
      <a href="/pkg/encoding/csv/#Reader.Read"><code>Read</code></a>.
    </p>
  </dd>
</dl><!-- encoding/csv -->

<dl id="flag"><dt><a href="/pkg/flag/">flag</a></dt>
  <dd>
    <p><!-- CL 271788 -->
      Flag declarations now panic if an invalid name is specified.
    </p>
  </dd>
</dl><!-- flag -->

<dl id="go/build"><dt><a href="/pkg/go/build/">go/build</a></dt>
  <dd>
    <p><!-- CL 310732 -->
      The new
      <a href="/pkg/go/build/#Context.ToolTags"><code>Context.ToolTags</code></a>
      field holds the build tags appropriate to the current Go
      toolchain configuration.
    </p>
  </dd>
</dl><!-- go/build -->

<dl id="go/format"><dt><a href="/pkg/go/format/">go/format</a></dt>
  <dd>
    <p>
      The <a href="/pkg/go/format/#Source"><code>Source</code></a> and
      <a href="/pkg/go/format/#Node"><code>Node</code></a> functions now
      synchronize <code>//go:build</code> lines with <code>// +build</code>
      lines. If a file only has <code>// +build</code> lines, they will be
      moved to the appropriate location in the file, and matching
      <code>//go:build</code> lines will be added. Otherwise,
      <code>// +build</code> lines will be overwritten based on any existing
      <code>//go:build</code> lines. For more information, see
      <a href="https://golang.org/design/draft-gobuild">https://golang.org/design/draft-gobuild</a>.
    </p>
  </dd>
</dl><!-- go/format -->

<dl id="io/fs"><dt><a href="/pkg/io/fs/">io/fs</a></dt>
  <dd>
    <p><!-- CL 293649 -->
      The new <a href="/pkg/io/fs/#FileInfoToDirEntry"><code>FileInfoToDirEntry</code></a> function converts a <code>FileInfo</code> to a <code>DirEntry</code>.
    </p>
  </dd>
</dl><!-- io/fs -->

<dl id="math"><dt><a href="/pkg/math/">math</a></dt>
  <dd>
    <p><!-- CL 247058 -->
      The math package now defines three more constants: <code>MaxUint</code>, <code>MaxInt</code> and <code>MinInt</code>.
      For 32-bit systems their values are <code>2^32 - 1</code>, <code>2^31 - 1</code> and <code>-2^31</code>, respectively.
      For 64-bit systems their values are <code>2^64 - 1</code>, <code>2^63 - 1</code> and <code>-2^63</code>, respectively.
    </p>
  </dd>
</dl><!-- math -->

<dl id="mime"><dt><a href="/pkg/mime/">mime</a></dt>
  <dd>
    <p><!-- CL 305230 -->
      On Unix systems, the table of MIME types is now read from the local system's
      <a href="https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-0.21.html">Shared MIME-info Database</a>
      when available.
    </p>
  </dd>
</dl><!-- mime -->

<dl id="net"><dt><a href="/pkg/net/">net</a></dt>
  <dd>
    <p><!-- CL 272668 -->
      The new method <a href="/pkg/net/#IP.IsPrivate"><code>IP.IsPrivate</code></a> reports whether an address is
      a private IPv4 address according to <a href="http://tools.ietf.org/html/rfc1918">RFC 1918</a>
      or a local IPv6 address according <a href="http://tools.ietf.org/html/rfc4193">RFC 4193</a>.
    </p>

    <p><!-- CL 301709 -->
      The Go DNS resolver now only sends one DNS query when resolving an address for an IPv4-only or IPv6-only network,
      rather than querying for both address families.
    </p>

    <p><!-- CL 307030 -->
      The <a href="/pkg/net/#ErrClosed"><code>ErrClosed</code></a> sentinel error and
      <a href="/pkg/net/#ParseError"><code>ParseError</code></a> error type now implement
      the <a href="/pkg/net/#Error"><code>net.Error</code></a> interface.
    </p>

    <p><!-- CL325829 -->
      The <a href="/pkg/net/#ParseIP"><code>ParseIP</code></a> and <a href="/pkg/net/#ParseCIDR"><code>ParseCIDR</code></a>
      functions now reject IPv4 addresses which contain decimal components with leading zeros.

      These components were always interpreted as decimal, but some operating systems treat them as octal.
      This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses
      which were then used in their original form with non-Go applications which interpreted components as octal. Generally,
      it is advisable to always re-encoded values after validation, which avoids this class of parser misalignment issues.
    </p>
  </dd>
</dl><!-- net -->

<dl id="net/http"><dt><a href="/pkg/net/http/">net/http</a></dt>
  <dd>
    <p><!-- CL 295370 -->
      The <a href="/pkg/net/http/"><code>net/http</code></a> package now uses the new
      <a href="/pkg/crypto/tls#Conn.HandshakeContext"><code>(*tls.Conn).HandshakeContext</code></a>
      with the <a href="/pkg/net/http/#Request"><code>Request</code></a> context
      when performing TLS handshakes in the client or server.
    </p>

    <p><!-- CL 235437 -->
      Setting the <a href="/pkg/net/http/#Server"><code>Server</code></a>
      <code>ReadTimeout</code> or <code>WriteTimeout</code> fields to a negative value now indicates no timeout
      rather than an immediate timeout.
    </p>

    <p><!-- CL 308952 -->
      The <a href="/pkg/net/http/#ReadRequest"><code>ReadRequest</code></a> function
      now returns an error when the request has multiple Host headers.
    </p>
  </dd>
</dl><!-- net/http -->

<dl id="net/http/httptest"><dt><a href="/pkg/net/http/httptest/">net/http/httptest</a></dt>
  <dd>
    <p><!-- CL 308950 -->
      <a href="/pkg/net/http/httptest/#ResponseRecorder.WriteHeader"><code>ResponseRecorder.WriteHeader></code></a>
      now panics when the provided code is not a valid three-digit HTTP status code.
      This matches the behavior of <a href="/pkg/net/http/#ResponseWriter"><code>ResponseWriter></code></a>
      implementations in the <a href="/pkg/net/http/"><code>net/http</code></a> package.
    </p>
  </dd>
</dl><!-- net/http/httptest -->

<dl id="net/url"><dt><a href="/pkg/net/url/">net/url</a></dt>
  <dd>
    <p><!-- CL 314850 -->
      The new method <a href="/pkg/net/url/#Values.Has"><code>Values.Has</code></a>
      reports whether a query parameter is set.
    </p>
  </dd>
</dl><!-- net/url -->

<dl id="os"><dt><a href="/pkg/os/">os</a></dt>
  <dd>
    <p><!-- CL 268020 -->
      The <a href="/pkg/os/#File.WriteString"><code>File.WriteString</code></a> method
      has been optimized to no longer make a copy of the input string.
    </p>
  </dd>
</dl><!-- os -->

<dl id="reflect"><dt><a href="/pkg/reflect/">reflect</a></dt>
  <dd>
    <p><!-- CL 266197 -->
      The new
      <a href="/pkg/reflect/#StructField.IsExported"><code>StructField.IsExported</code></a>
      and
      <a href="/pkg/reflect/#Method.IsExported"><code>Method.IsExported</code></a>
      methods report whether a struct field or type method is exported.
      They provide a more readable alternative to checking whether <code>PkgPath</code>
      is empty.
    </p>

    <p><!-- CL 281233 -->
      The new <a href="/pkg/reflect/#VisibleFields"><code>VisibleFields</code></a> function
      returns all the visible fields in a struct type, including fields inside anonymous struct members.
    </p>

    <p><!-- CL 284136 -->
      The <a href="/pkg/reflect/#ArrayOf"><code>ArrayOf</code></a> function now panics when
      called with a negative length.
    </p>
  </dd>
</dl><!-- reflect -->

<dl id="runtime/metrics"><dt><a href="/pkg/runtime/metrics">runtime/metrics</a></dt>
  <dd>
    <p><!-- CL 308933, CL 312431, CL 312909 -->
      New metrics were added that track total bytes and objects allocated and freed.
      A new metric tracking the distribution of goroutine scheduling latencies was
      also added.
    </p>
  </dd>
</dl><!-- runtime/metrics -->

<dl id="runtime/pprof"><dt><a href="/pkg/runtime/pprof">runtime/pprof</a></dt>
  <dd>
    <p><!-- CL 299991 -->
      Block profiles are no longer biased to favor infrequent long events over
      frequent short events.
    </p>
  </dd>
</dl><!-- runtime/pprof -->

<dl id="strconv"><dt><a href="/pkg/strconv/">strconv</a></dt>
  <dd>
    <p><!-- CL 170079, CL 170080 -->
      The <code>strconv</code> package now uses Ulf Adams's Ryū algorithm for formatting floating-point numbers.
      This algorithm improves performance on most inputs, and is more than 99% faster on worst-case inputs.
    </p>

    <p><!-- CL 314775 -->
      The new <a href="/pkg/strconv/#QuotedPrefix"><code>QuotedPrefix</code></a> function
      returns the quoted string (as understood by
      <a href="/pkg/strconv/#Unquote"><code>Unquote</code></a>)
      at the start of input.
    </p>
  </dd>
</dl><!-- strconv -->

<dl id="strings"><dt><a href="/pkg/strings/">strings</a></dt>
  <dd>
    <p><!-- CL 280492 -->
      The <a href="/pkg/strings/#Builder.WriteRune"><code>Builder.WriteRune</code></a> method
      now writes the replacement character U+FFFD for negative rune values,
      as it does for other invalid runes.
    </p>
  </dd>
</dl><!-- strings -->

<dl id="sync/atomic"><dt><a href="/pkg/sync/atomic/">sync/atomic</a></dt>
  <dd>
    <p><!-- CL 241678 -->
      <code>atomic.Value</code> now has <a href="/pkg/sync/atomic/#Value.Swap"><code>Swap</code></a> and
      <a href="/pkg/sync/atomic/#Value.CompareAndSwap"><code>CompareAndSwap</code></a> methods that provide
      additional atomic operations.
    </p>
  </dd>
</dl><!-- sync/atomic -->

<dl id="syscall"><dt><a href="/pkg/syscall/">syscall</a></dt>
  <dd>
    <p><!-- CL 295371 -->
    <p>
      The <a href="/pkg/syscall/#GetQueuedCompletionStatus"><code>GetQueuedCompletionStatus</code></a> and
      <a href="/pkg/syscall/#PostQueuedCompletionStatus"><code>PostQueuedCompletionStatus</code></a>
      functions are now deprecated. These functions have incorrect signatures and are superseded by
      equivalents in the <a href="https://godoc.org/golang.org/x/sys/windows"><code>golang.org/x/sys/windows</code></a> package.
    </p>

    <p><!-- CL 313653 -->
      On Unix-like systems, the process group of a child process is now set with signals blocked.
      This avoids sending a <code>SIGTTOU</code> to the child when the parent is in a background process group.
    </p>

    <p><!-- CL 288298, CL 288300 -->
      The Windows version of
      <a href="/pkg/syscall/#SysProcAttr"><code>SysProcAttr</code></a>
      has two new fields. <code>AdditionalInheritedHandles</code> is
      a list of additional handles to be inherited by the new child
      process. <code>ParentProcess</code> permits specifying the
      parent process of the new process.

    <p><!-- CL 311570 -->
      The constant <code>MSG_CMSG_CLOEXEC</code> is now defined on
      DragonFly and all OpenBSD systems (it was already defined on
      some OpenBSD systems and all FreeBSD, NetBSD, and Linux systems).
    </p>

    <p><!-- CL 315281 -->
      The constants <code>SYS_WAIT6</code> and <code>WEXITED</code>
      are now defined on NetBSD systems (<code>SYS_WAIT6</code> was
      already defined on DragonFly and FreeBSD systems;
      <code>WEXITED</code> was already defined on Darwin, DragonFly,
      FreeBSD, Linux, and Solaris systems).
    </p>
  </dd>
</dl><!-- syscall -->

<dl id="testing"><dt><a href="/pkg/testing/">testing</a></dt>
  <dd>
    <p><!-- CL 310033 -->
      Added a new <a href="/cmd/go/#hdr-Testing_flags">testing flag</a> <code>-shuffle</code> which controls the execution order of tests and benchmarks.
    </p>
    <p><!-- CL 260577 -->
      The new
      <a href="/pkg/testing/#T.Setenv"><code>T.Setenv</code></a>
      and <a href="/pkg/testing/#B.Setenv"><code>B.Setenv</code></a>
      methods support setting an environment variable for the duration
      of the test or benchmark.
    </p>
  </dd>
</dl><!-- testing -->

<dl id="text/template/parse"><dt><a href="/pkg/text/template/parse/">text/template/parse</a></dt>
  <dd>
    <p><!-- CL 301493 -->
      The new <a href="/pkg/text/template/parse/#Mode"><code>SkipFuncCheck</code></a> <a href=><code>Mode</code></a>
      value changes the template parser to not verify that functions are defined.
    </p>
  </dd>
</dl><!-- text/template/parse -->

<dl id="time"><dt><a href="/pkg/time/">time</a></dt>
  <dd>
    <p><!-- CL 260858 -->
      The <a href="/pkg/time/#Time"><code>Time</code></a> type now has a
      <a href="/pkg/time/#Time.GoString"><code>GoString</code></a> method that
      will return a more useful value for times when printed with the
      <code>%#v</code> format specifier in the <code>fmt</code> package.
    </p>

    <p><!-- CL 264077 -->
      The new <a href="/pkg/time/#Time.IsDST"><code>Time.IsDST</code></a> method can be used to check whether the time
      is in Daylight Savings Time in its configured location.
    </p>

    <p><!-- CL 293349 -->
      The new <a href="/pkg/time/#Time.UnixMilli"><code>Time.UnixMilli</code></a> and
      <a href="/pkg/time/#Time.UnixMicro"><code>Time.UnixMicro</code></a> methods return the number of milliseconds and
      microseconds elapsed since January 1, 1970 UTC respectively.<br>
      The new <code>UnixMilli</code> and <code>UnixMicro</code> functions return local Time corresponding to given
      Unix time.
    </p>

    <p><!-- CL 300996 -->
      The package now accepts comma "," as a separator for fractional seconds when parsing and formatting time.
      The following time formats are now accepted:
      <ul>
        <li>2006-01-02 14:06:03,999999999 -0700 MST</li>
        <li>Mon Jan _2 14:06:03,120007 2006</li>
        <li>Mon Jan 2 14:06:03,120007 2006</li>
      </ul>
    </p>

    <p><!-- CL 320252 -->
      The new constant <a href="/pkg/time/#Layout"><code>Layout</code></a>
      defines the reference time.
    </p>
  </dd>
</dl><!-- time -->

<dl id="unicode"><dt><a href="/pkg/unicode/">unicode</a></dt>
  <dd>
    <p><!-- CL 280493 -->
      The <a href="/pkg/unicode/#Is"><code>Is</code></a>,
      <a href="/pkg/unicode/#IsGraphic"><code>IsGraphic</code></a>,
      <a href="/pkg/unicode/#IsLetter"><code>IsLetter</code></a>,
      <a href="/pkg/unicode/#IsLower"><code>IsLower</code></a>,
      <a href="/pkg/unicode/#IsMark"><code>IsMark</code></a>,
      <a href="/pkg/unicode/#IsNumber"><code>IsNumber</code></a>,
      <a href="/pkg/unicode/#IsPrint"><code>IsPrint</code></a>,
      <a href="/pkg/unicode/#IsPunct"><code>IsPunct</code></a>,
      <a href="/pkg/unicode/#IsSpace"><code>IsSpace</code></a>,
      <a href="/pkg/unicode/#IsSymbol"><code>IsSymbol</code></a>, and
      <a href="/pkg/unicode/#IsUpper"><code>IsUpper</code></a> functions
      now return <code>false</code> on negative rune values, as they do for other invalid runes.
    </p>
  </dd>
</dl><!-- unicode -->