Update: If you are on Go 13.1 or later you do not need to do anything
Two days ago we learnt of a new vulnerability in one of the underlying technologies (Ruby on Rails) on which Go frontend is built.* Due to the severity of the issue, we have made a release of Go which fixes the issue as well as made available a priority patch.
If your Go instance is available from outside of your corporate firewall, we strongly recommend that you disable access immediately and apply the patch. You should not bring Go back up until the patch is applied.
If your Go instance is not available from outside of your corporate firewall, although the risk is reduced we still recommend you apply this patch immediately.
This is a critical security issue that requires your immediate attention.