This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages - CVE-2021-44717: syscall: don"t close fd 0 on ForkExec error . - CVE-2021-44716: net/http: limit growth of header canonicalization cache .