<!DOCTYPE html> <html lang="en" data-theme="auto"> <head> <link rel="preconnect" href="https://www.googletagmanager.com"> <script >(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-W8MVQXG');</script> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="theme-color" content="#00add8"> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Material+Icons"> <link rel="stylesheet" href="/css/styles.css"> <link rel="icon" href="/images/favicon-gopher.png" sizes="any"> <link rel="apple-touch-icon" href="/images/favicon-gopher-plain.png"/> <link rel="icon" href="/images/favicon-gopher.svg" type="image/svg+xml"> <link rel="me" href="https://hachyderm.io/@golang"> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-W8MVQXG');</script> <script src="/js/site.js"></script> <meta name="og:url" content="https://go.dev/doc/security/policy"> <meta name="og:title" content="Go Security Policy - The Go Programming Language"> <title>Go Security Policy - The Go Programming Language</title> <meta name="og:image" content="https://go.dev/doc/gopher/gopher5logo.jpg"> <meta name="twitter:image" content="https://go.dev/doc/gopher/gopherbelly300.jpg"> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@golang"> </head> <body class="Site"> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-W8MVQXG" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <header class="Site-header js-siteHeader"> <div class="Header Header--dark"> <nav class="Header-nav"> <a href="/"> <img class="js-headerLogo Header-logo" src="/images/go-logo-white.svg" alt="Go"> </a> <div class="skip-navigation-wrapper"> <a class="skip-to-content-link" aria-label="Skip to main content" href="#main-content"> Skip to Main Content </a> </div> <div class="Header-rightContent"> <ul class="Header-menu"> <li class="Header-menuItem "> <a href="#" class="js-desktop-menu-hover" aria-label=Why&#32;Go aria-describedby="dropdown-description"> Why Go <i class="material-icons" aria-hidden="true">arrow_drop_down</i> </a> <div class="screen-reader-only" id="dropdown-description" hidden> Press Enter to activate/deactivate dropdown </div> <ul class="Header-submenu js-desktop-submenu-hover" aria-label="submenu"> <li class="Header-submenuItem"> <div> <a href="/solutions/case-studies"> Case Studies </a> </div> <p>Common problems companies solve with Go</p> </li> <li class="Header-submenuItem"> <div> <a href="/solutions/use-cases"> Use Cases </a> </div> <p>Stories about how and why companies use Go</p> </li> <li class="Header-submenuItem"> <div> <a href="/security/"> Security </a> </div> <p>How Go can help keep you secure by default</p> </li> </ul> </li> <li class="Header-menuItem "> <a href="/learn/" aria-label=Learn aria-describedby="dropdown-description"> Learn </a> <div class="screen-reader-only" id="dropdown-description" hidden> Press Enter to activate/deactivate dropdown </div> </li> <li class="Header-menuItem Header-menuItem--active"> <a href="#" class="js-desktop-menu-hover" aria-label=Docs aria-describedby="dropdown-description"> Docs <i class="material-icons" aria-hidden="true">arrow_drop_down</i> </a> <div class="screen-reader-only" id="dropdown-description" hidden> Press Enter to activate/deactivate dropdown </div> <ul class="Header-submenu js-desktop-submenu-hover" aria-label="submenu"> <li class="Header-submenuItem"> <div> <a href="/doc/effective_go"> Effective Go </a> </div> <p>Tips for writing clear, performant, and idiomatic Go code</p> </li> <li class="Header-submenuItem"> <div> <a href="/doc"> Go User Manual </a> </div> <p>A complete introduction to building software with Go</p> </li> <li class="Header-submenuItem"> <div> <a href="https://pkg.go.dev/std"> Standard library </a> </div> <p>Reference documentation for Go&#39;s standard library</p> </li> <li class="Header-submenuItem"> <div> <a href="/doc/devel/release"> Release Notes </a> </div> <p>Learn what&#39;s new in each Go release</p> </li> </ul> </li> <li class="Header-menuItem "> <a href="https://pkg.go.dev" aria-label=Packages aria-describedby="dropdown-description"> Packages </a> <div class="screen-reader-only" id="dropdown-description" hidden> Press Enter to activate/deactivate dropdown </div> </li> <li class="Header-menuItem "> <a href="#" class="js-desktop-menu-hover" aria-label=Community aria-describedby="dropdown-description"> Community <i class="material-icons" aria-hidden="true">arrow_drop_down</i> </a> <div class="screen-reader-only" id="dropdown-description" hidden> Press Enter to activate/deactivate dropdown </div> <ul class="Header-submenu js-desktop-submenu-hover" aria-label="submenu"> <li class="Header-submenuItem"> <div> <a href="/talks/"> Recorded Talks </a> </div> <p>Videos from prior events</p> </li> <li class="Header-submenuItem"> <div> <a href="https://www.meetup.com/pro/go"> Meetups <i class="material-icons">open_in_new</i> </a> </div> <p>Meet other local Go developers</p> </li> <li class="Header-submenuItem"> <div> <a href="/wiki/Conferences"> Conferences <i class="material-icons">open_in_new</i> </a> </div> <p>Learn and network with Go developers from around the world</p> </li> <li class="Header-submenuItem"> <div> <a href="/blog"> Go blog </a> </div> <p>The Go project&#39;s official blog.</p> </li> <li class="Header-submenuItem"> <div> <a href="/help"> Go project </a> </div> <p>Get help and stay informed from Go</p> </li> <li class="Header-submenuItem"> <div> Get connected </div> <p></p> <div class="Header-socialIcons"> <a class="Header-socialIcon" aria-label="Get connected with google-groups (Opens in new window)" href="https://groups.google.com/g/golang-nuts"><img src="/images/logos/social/google-groups.svg" /></a> <a class="Header-socialIcon" aria-label="Get connected with github (Opens in new window)" href="https://github.com/golang"><img src="/images/logos/social/github.svg" /></a> <a class="Header-socialIcon" aria-label="Get connected with twitter (Opens in new window)" href="https://twitter.com/golang"><img src="/images/logos/social/twitter.svg" /></a> <a class="Header-socialIcon" aria-label="Get connected with reddit (Opens in new window)" href="https://www.reddit.com/r/golang/"><img src="/images/logos/social/reddit.svg" /></a> <a class="Header-socialIcon" aria-label="Get connected with slack (Opens in new window)" href="https://invite.slack.golangbridge.org/"><img src="/images/logos/social/slack.svg" /></a> <a class="Header-socialIcon" aria-label="Get connected with stack-overflow (Opens in new window)" href="https://stackoverflow.com/tags/go"><img src="/images/logos/social/stack-overflow.svg" /></a> </div> </li> </ul> </li> </ul> <button class="Header-navOpen js-headerMenuButton Header-navOpen--white" aria-label="Open navigation."> </button> </div> </nav> </div> </header> <aside class="NavigationDrawer js-header"> <nav class="NavigationDrawer-nav"> <div class="NavigationDrawer-header"> <a href="/"> <img class="NavigationDrawer-logo" src="/images/go-logo-blue.svg" alt="Go."> </a> </div> <ul class="NavigationDrawer-list"> <li class="NavigationDrawer-listItem js-mobile-subnav-trigger NavigationDrawer-hasSubnav"> <a href="#"><span>Why Go</span> <i class="material-icons">navigate_next</i></a> <div class="NavigationDrawer NavigationDrawer-submenuItem"> <nav class="NavigationDrawer-nav"> <div class="NavigationDrawer-header"> <a href="#"><i class="material-icons">navigate_before</i>Why Go</a> </div> <ul class="NavigationDrawer-list"> <li class="NavigationDrawer-listItem"> <a href="/solutions/case-studies"> Case Studies </a> </li> <li class="NavigationDrawer-listItem"> <a href="/solutions/use-cases"> Use Cases </a> </li> <li class="NavigationDrawer-listItem"> <a href="/security/"> Security </a> </li> </ul> </div> </div> </li> <li class="NavigationDrawer-listItem "> <a href="/learn/">Learn</a> </li> <li class="NavigationDrawer-listItem js-mobile-subnav-trigger NavigationDrawer-listItem--active NavigationDrawer-hasSubnav"> <a href="#"><span>Docs</span> <i class="material-icons">navigate_next</i></a> <div class="NavigationDrawer NavigationDrawer-submenuItem"> <nav class="NavigationDrawer-nav"> <div class="NavigationDrawer-header"> <a href="#"><i class="material-icons">navigate_before</i>Docs</a> </div> <ul class="NavigationDrawer-list"> <li class="NavigationDrawer-listItem"> <a href="/doc/effective_go"> Effective Go </a> </li> <li class="NavigationDrawer-listItem"> <a href="/doc"> Go User Manual </a> </li> <li class="NavigationDrawer-listItem"> <a href="https://pkg.go.dev/std"> Standard library </a> </li> <li class="NavigationDrawer-listItem"> <a href="/doc/devel/release"> Release Notes </a> </li> </ul> </div> </div> </li> <li class="NavigationDrawer-listItem "> <a href="https://pkg.go.dev">Packages</a> </li> <li class="NavigationDrawer-listItem js-mobile-subnav-trigger NavigationDrawer-hasSubnav"> <a href="#"><span>Community</span> <i class="material-icons">navigate_next</i></a> <div class="NavigationDrawer NavigationDrawer-submenuItem"> <nav class="NavigationDrawer-nav"> <div class="NavigationDrawer-header"> <a href="#"><i class="material-icons">navigate_before</i>Community</a> </div> <ul class="NavigationDrawer-list"> <li class="NavigationDrawer-listItem"> <a href="/talks/"> Recorded Talks </a> </li> <li class="NavigationDrawer-listItem"> <a href="https://www.meetup.com/pro/go"> Meetups <i class="material-icons">open_in_new</i> </a> </li> <li class="NavigationDrawer-listItem"> <a href="/wiki/Conferences"> Conferences <i class="material-icons">open_in_new</i> </a> </li> <li class="NavigationDrawer-listItem"> <a href="/blog"> Go blog </a> </li> <li class="NavigationDrawer-listItem"> <a href="/help"> Go project </a> </li> <li class="NavigationDrawer-listItem"> <div>Get connected</div> <div class="Header-socialIcons"> <a class="Header-socialIcon" href="https://groups.google.com/g/golang-nuts"><img src="/images/logos/social/google-groups.svg" /></a> <a class="Header-socialIcon" href="https://github.com/golang"><img src="/images/logos/social/github.svg" /></a> <a class="Header-socialIcon" href="https://twitter.com/golang"><img src="/images/logos/social/twitter.svg" /></a> <a class="Header-socialIcon" href="https://www.reddit.com/r/golang/"><img src="/images/logos/social/reddit.svg" /></a> <a class="Header-socialIcon" href="https://invite.slack.golangbridge.org/"><img src="/images/logos/social/slack.svg" /></a> <a class="Header-socialIcon" href="https://stackoverflow.com/tags/go"><img src="/images/logos/social/stack-overflow.svg" /></a> </div> </li> </ul> </div> </div> </li> </ul> </nav> </aside> <div class="NavigationDrawer-scrim js-scrim" role="presentation"></div> <main class="SiteContent SiteContent--default" id="main-content"> <article class="Article Article--doc"> <ol class="SiteBreadcrumb"> <li class="BreadcrumbNav-li "> <a class="BreadcrumbNav-link" href="/doc/"> Documentation </a> </li> <li class="BreadcrumbNav-li "> <a class="BreadcrumbNav-link" href="/doc/security/"> Security </a> </li> <li class="BreadcrumbNav-li active"> <a class="BreadcrumbNav-link" href="/doc/security/policy"> Go Security Policy </a> </li> </ol> <h1>Go Security Policy</h1> <h2 id="overview">Overview</h2> <p>This document explains the Go Security team&rsquo;s process for handling issues reported and what to expect in return.</p> <h2 id="reporting-a-security-bug">Reporting a Security Bug</h2> <p>All security bugs in the Go distribution should be reported by email to <a href="mailto:security@golang.org">security@golang.org</a>. This mail is delivered to the Go Security team.</p> <p>To ensure your report is not marked as spam, <strong>please include the word &ldquo;vulnerability&rdquo;</strong> anywhere in your email. Please use a descriptive subject line for your report email.</p> <p>Your email will be acknowledged within 7 days, and you&rsquo;ll be kept up to date with the progress until resolution. Your issue will be fixed or made public within 90 days.</p> <p>If you have not received a reply to your email within 7 days, please follow up with the Go Security team again at <a href="mailto:security@golang.org">security@golang.org</a>. Please make sure the word <strong>vulnerability</strong> is in your email.</p> <p>If after 3 more days you have still not received an acknowledgement of your report, it is possible that your email might have been marked as spam. In that case, please <a href="https://g.co/vulnz" rel="noreferrer" target="_blank">file an issue here</a>. Select <em>&ldquo;I want to report a technical security or an abuse risk related bug in a Google product (SQLi, XSS, etc.)&rdquo;</em>, and list <em>&ldquo;Go&rdquo;</em> as the affected product.</p> <h2 id="tracks">Tracks</h2> <p>Depending on the nature of your issue, it will be categorized by the Go Security team as an issue in the PUBLIC, PRIVATE, or URGENT track. All security issues will be issued CVE numbers.</p> <p>The Go Security team does not assign traditional fine-grained severity labels (e.g CRITICAL, HIGH, MEDIUM, LOW) to security issues because severity depends highly on how a user is using the affected API or functionality.</p> <p>For example, the impact of a resource exhaustion issue in the <code>encoding/json</code> parser depends on what is being parsed. If the user is parsing trusted JSON files from their local filesystem, the impact is likely to be low. If the user is parsing untrusted arbitrary JSON from an HTTP request body, the impact may be much higher.</p> <p>That said, the following issue tracks do signal how severe and/or wide-reaching the Security team believes an issue to be. For example, an issue with medium to significant impact for many users is a PRIVATE track issue in this policy, and an issue with negligible to minor impact, or which affects only a small subset of users, is a PUBLIC track issue.</p> <h3 id="public">PUBLIC</h3> <p>Issues in the PUBLIC track affect niche configurations, have very limited impact, or are already widely known.</p> <p>PUBLIC track issues are labeled with <a href="https://github.com/golang/go/labels/Proposal-Security" rel="noreferrer" target="_blank"><code>Proposal-Security</code></a>, discussed through the <a href="https://go.googlesource.com/proposal/+/master/README.md#proposal-review" rel="noreferrer" target="_blank">Go proposal review process</a> <strong>fixed in public</strong>, and get backported to the next scheduled <a href="/wiki/MinorReleases">minor releases</a> (which occur ~monthly). The release announcement includes details of these issues, but there is no pre-announcement.</p> <p>Examples of past PUBLIC issues include:</p> <ul> <li><a href="/issue/44916">#44916</a>: archive/zip: can panic when calling Reader.Open</li> <li><a href="/issue/44913">#44913</a>: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader</li> <li><a href="/issue/43786">#43786</a>: crypto/elliptic: incorrect operations on the P-224 curve</li> <li><a href="/issue/40928">#40928</a>: net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified</li> <li><a href="/issue/40618">#40618</a>: encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs</li> <li><a href="/issue/36834">#36834</a>: crypto/x509: certificate validation bypass on Windows 10</li> </ul> <h3 id="private">PRIVATE</h3> <p>Issues in the PRIVATE track are violations of committed security properties.</p> <p>PRIVATE track issues are <strong>fixed in the next scheduled <a href="/wiki/MinorReleases">minor releases</a></strong>, and are kept private until then.</p> <p>Three to seven days before the release, a pre-announcement is sent to golang-announce, announcing the presence of one or more security fixes in the upcoming releases, and whether the issues affect the standard library, the toolchain, or both, as well as reserved CVE IDs for each of the fixes.</p> <p>Some examples of past PRIVATE issues include:</p> <ul> <li><a href="/issue/53416">#53416</a>: path/filepath: stack exhaustion in Glob</li> <li><a href="/issue/53616">#53616</a>: go/parser: stack exhaustion in all Parse* functions</li> <li><a href="/issue/54658">#54658</a>: net/http: handle server errors after sending GOAWAY</li> <li><a href="/issue/56284">#56284</a>: syscall, os/exec: unsanitized NUL in environment variables</li> </ul> <h3 id="urgent">URGENT</h3> <p>URGENT track issues are a threat to the Go ecosystem鈥檚 integrity, or are being actively exploited in the wild leading to severe damage. There are no recent examples, but they would include remote code execution in net/http, or practical key recovery in crypto/tls.</p> <p>URGENT track issues are fixed in private, and <strong>trigger an immediate dedicated security release</strong>, possibly with no pre-announcement.</p> <h2 id="flagging-existing-issues-as-security-related">Flagging Existing Issues as Security-related</h2> <p>If you believe that an <a href="/issue">existing issue</a> is security-related, we ask that you send an email to <a href="mailto:security@golang.org">security@golang.org</a>. The email should include the issue ID and a short description of why it should be handled according to this security policy.</p> <h2 id="disclosure-process">Disclosure Process</h2> <p>The Go project uses the following disclosure process:</p> <ol> <li> <p>Once the security report is received it is assigned a primary handler. This person coordinates the fix and release process.</p> </li> <li> <p>The issue is confirmed and a list of affected software is determined.</p> </li> <li> <p>Code is audited to find any potential similar problems.</p> </li> <li> <p>If it is determined, in consultation with the submitter, that a CVE number is required, the primary handler will obtain one.</p> </li> <li> <p>Fixes are prepared for the two most recent major releases and the head/master revision. Fixes are prepared for the two most recent major releases and merged to head/master.</p> </li> <li> <p>On the date that the fixes are applied, announcements are sent to <a href="https://groups.google.com/group/golang-announce" rel="noreferrer" target="_blank">golang-announce</a>, <a href="https://groups.google.com/group/golang-dev" rel="noreferrer" target="_blank">golang-dev</a>, and <a href="https://groups.google.com/group/golang-nuts" rel="noreferrer" target="_blank">golang-nuts</a>.</p> </li> </ol> <p>This process can take some time, especially when coordination is required with maintainers of other projects. Every effort will be made to handle the bug in as timely a manner as possible, however it&rsquo;s important that we follow the process described above to ensure that disclosures are handled consistently.</p> <p>For security issues that include the assignment of a CVE number, the issue is listed publicly under the <a href="https://www.cvedetails.com/vulnerability-list/vendor_id-14185/Golang.html" rel="noreferrer" target="_blank">&ldquo;Golang&rdquo; product on the CVEDetails website</a> as well as the <a href="https://web.nvd.nist.gov/view/vuln/search" rel="noreferrer" target="_blank">National Vulnerability Disclosure site</a>.</p> <h2 id="receiving-security-updates">Receiving Security Updates</h2> <p>The best way to receive security announcements is to subscribe to the <a href="https://groups.google.com/forum/#!forum/golang-announce" rel="noreferrer" target="_blank">golang-announce</a> mailing list. Any messages pertaining to a security issue will be prefixed with <code>[security]</code>.</p> <h2 id="comments-on-this-policy">Comments on This Policy</h2> <p>If you have any suggestions to improve this policy, please <a href="/issue/new">file an issue</a> for discussion.</p> </article> </main> <footer class="Site-footer"> <div class="Footer"> <div class="Container"> <div class="Footer-links"> <div class="Footer-linkColumn"> <a href="/solutions/" class="Footer-link Footer-link--primary" aria-describedby="footer-description"> Why Go </a> <a href="/solutions/use-cases" class="Footer-link" aria-describedby="footer-description"> Use Cases </a> <a href="/solutions/case-studies" class="Footer-link" aria-describedby="footer-description"> Case Studies </a> </div> <div class="Footer-linkColumn"> <a href="/learn/" class="Footer-link Footer-link--primary" aria-describedby="footer-description"> Get Started </a> <a href="/play" class="Footer-link" aria-describedby="footer-description"> Playground </a> <a href="/tour/" class="Footer-link" aria-describedby="footer-description"> Tour </a> <a href="https://stackoverflow.com/questions/tagged/go?tab=Newest" class="Footer-link" aria-describedby="footer-description"> Stack Overflow </a> <a href="/help/" class="Footer-link" aria-describedby="footer-description"> Help </a> </div> <div class="Footer-linkColumn"> <a href="https://pkg.go.dev" class="Footer-link Footer-link--primary" aria-describedby="footer-description"> Packages </a> <a href="/pkg/" class="Footer-link" aria-describedby="footer-description"> Standard Library </a> <a href="https://pkg.go.dev/about" class="Footer-link" aria-describedby="footer-description"> About Go Packages </a> </div> <div class="Footer-linkColumn"> <a href="/project" class="Footer-link Footer-link--primary" aria-describedby="footer-description"> About </a> <a href="/dl/" class="Footer-link" aria-describedby="footer-description"> Download </a> <a href="/blog/" class="Footer-link" aria-describedby="footer-description"> Blog </a> <a href="https://github.com/golang/go/issues" class="Footer-link" aria-describedby="footer-description"> Issue Tracker </a> <a href="/doc/devel/release" class="Footer-link" aria-describedby="footer-description"> Release Notes </a> <a href="/brand" class="Footer-link" aria-describedby="footer-description"> Brand Guidelines </a> <a href="/conduct" class="Footer-link" aria-describedby="footer-description"> Code of Conduct </a> </div> <div class="Footer-linkColumn"> <a href="https://www.twitter.com/golang" class="Footer-link Footer-link--primary" aria-describedby="footer-description"> Connect </a> <a href="https://www.twitter.com/golang" class="Footer-link" aria-describedby="footer-description"> Twitter </a> <a href="https://github.com/golang" class="Footer-link" aria-describedby="footer-description"> GitHub </a> <a href="https://invite.slack.golangbridge.org/" class="Footer-link" aria-describedby="footer-description"> Slack </a> <a href="https://reddit.com/r/golang" class="Footer-link" aria-describedby="footer-description"> r/golang </a> <a href="https://www.meetup.com/pro/go" class="Footer-link" aria-describedby="footer-description"> Meetup </a> <a href="https://golangweekly.com/" class="Footer-link" aria-describedby="footer-description"> Golang Weekly </a> </div> </div> </div> </div> <div class="screen-reader-only" id="footer-description" hidden> Opens in new window. </div> <div class="Footer"> <div class="Container Container--fullBleed"> <div class="Footer-bottom"> <img class="Footer-gopher" src="/images/gophers/pilot-bust.svg" alt="The Go Gopher"> <ul class="Footer-listRow"> <li class="Footer-listItem"> <a href="/copyright" aria-describedby="footer-description">Copyright</a> </li> <li class="Footer-listItem"> <a href="/tos" aria-describedby="footer-description">Terms of Service</a> </li> <li class="Footer-listItem"> <a href="http://www.google.com/intl/en/policies/privacy/" aria-describedby="footer-description" target="_blank" rel="noopener"> Privacy Policy </a> </li> <li class="Footer-listItem"> <a href="/s/website-issue" aria-describedby="footer-description" target="_blank" rel="noopener" > Report an Issue </a> </li> <li class="Footer-listItem go-Footer-listItem"> <button class="go-Button go-Button--text go-Footer-toggleTheme js-toggleTheme" aria-label="Toggle theme"> <img data-value="auto" class="go-Icon go-Icon--inverted" height="24" width="24" src="/images/icons/brightness_6_gm_grey_24dp.svg" alt="System theme"> <img data-value="dark" class="go-Icon go-Icon--inverted" height="24" width="24" src="/images/icons/brightness_2_gm_grey_24dp.svg" alt="Dark theme"> <img data-value="light" class="go-Icon go-Icon--inverted" height="24" width="24" src="/images/icons/light_mode_gm_grey_24dp.svg" alt="Light theme"> </button> </li> </ul> <a class="Footer-googleLogo" target="_blank" href="https://google.com" rel="noopener"> <img class="Footer-googleLogoImg" src="/images/google-white.png" alt="Google logo"> </a> </div> </div> </div> <script src="/js/jquery.js"></script> <script src="/js/carousels.js"></script> <script src="/js/searchBox.js"></script> <script src="/js/misc.js"></script> <script src="/js/hats.js"></script> <script src="/js/playground.js"></script> <script src="/js/godocs.js"></script> <script async src="/js/copypaste.js"></script> </footer> <section class="Cookie-notice js-cookieNotice"> <div>go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. <a target=_blank href="https://policies.google.com/technologies/cookies">Learn more.</a></div> <div><button class="go-Button">Okay</button></div> </section> </body> </html>