CVE's with golang

What is the problem you are having with rclone?

Concerns about golang:

  • CVE-2025-22868 for oauth2 in golang
  • CVE-2025-22869 for crypto in golang

Run the command 'rclone version' and share the full output of the command.

$ rclone --version
rclone v1.69.1
- os/version: oracle 9.4 (64 bit)
- os/kernel: 5.15.0-207.156.6.el9uek.x86_64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.24.0
- go/linking: static
- go/tags: none

Yes, ran selfupdate and it is on latest and verified with downloads link

Which cloud storage system are you using? (eg Google Drive)

s3 compat other, not having issue with running rclone, CVE concern

What's the concern? GO normally gets updated on releases and the current version is 1.24.0.

You can always update / build from source if you want a later / beta version of GO.

Install