commit 984d07c9c3f71f0a65d44064c2e4cda7c1878a0f Author: Nick Craig-Wood Date: Wed Apr 8 12:19:50 2026 +0100 Version v1.73.4 commit 06c054bbc8ad13fa7eca7180c15eeede31658b3e Author: Nick Craig-Wood Date: Wed Apr 8 09:50:20 2026 +0100 Update to go 1.25.9 to fix multiple CVEs - CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux - CVE-2026-32289: html/template: JS template literal context incorrectly tracked - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG - CVE-2026-32280: crypto/x509: unexpected work during chain building - CVE-2026-32281: crypto/x509: inefficient policy validation Fixes #9302 commit 6987bc1318347b21657ab0d41cb06c01d010a60b Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed Apr 8 09:03:49 2026 +0100 build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from v1.90.0 to 1.97.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.90.0...service/s3/v1.97.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.97.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit c9ea98e75295dfeb5166ef06314c14f13a54ea6c Author: albertony <12441419+albertony@users.noreply.github.com> Date: Fri Apr 3 14:25:07 2026 +0200 docs: fix markdown issues in mount docs commit 4c5deb435cf96ad38aea54d29438e17da0b45784 Author: Clément Notin Date: Fri Apr 3 14:32:24 2026 +0200 docs: fix header level for metadata option commit d757bd664565ba8469db4c89cde33318cdbcb73d Author: Ross Smith II Date: Thu Apr 2 07:29:15 2026 -0700 fix(docs): Fix link to not be language specific commit 6b44b65fba16c36c3d8cafa0d94b51380d454c7d Author: Enduriel Date: Mon Mar 30 12:09:36 2026 +0200 filen: update SDK version - increase timeout for http requests - only use a single URL per request type commit 28805943b00a77ea263c964d093f1b3636944862 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon Mar 30 16:29:51 2026 +0000 build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0 Bumps [golang.org/x/image](https://github.com/golang/image) from 0.36.0 to 0.38.0. - [Commits](https://github.com/golang/image/compare/v0.36.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-version: 0.38.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] commit 2ed57c301bb4696e2f12242f14ea7e88cbdb67be Author: kapitainsky Date: Sat Mar 28 13:29:53 2026 +0100 docs: note macOS 10.15 (Catalina) support with version v1.70.3 due to min golang requirements macOS Catalina (10.15) can not run newer rclone versions commit 3e8d4f21181ec1df1a3ed767fc4d0135db6111f9 Author: Nick Craig-Wood Date: Mon Mar 23 23:03:10 2026 +0000 Start v1.73.4-DEV development