Overview
Currently, Tyk is built using Go 1.24.x. As of February 10, 2026, with the official release of Go 1.26, Go 1.24 has reached its End of Life (EOL) according to the official Go Release Policy.
We need to upgrade the Go toolchain and runtime to a supported version (preferably 1.26, or at minimum 1.25) to ensure Tyk continues to receive critical security patches.
Business & Security Justification
Zero Security Patches: The Go project only supports the two most recent major releases. Go 1.24 will no longer receive any minor revisions for newly discovered CVEs in the standard library, crypto packages, or runtime.
Edge Security Risk: As an API Gateway, Tyk sits at the edge of the network. Running on an unsupported runtime introduces unacceptable security risks for production deployments.
Compliance Blockers: Many enterprise compliance frameworks (like SOC2, ISO 27001, and PCI-DSS) strictly require software to be built and run on vendor-supported, actively patched runtimes. Staying on 1.24 may flag Tyk in automated enterprise security and vulnerability scanners.
Overview
Currently, Tyk is built using Go 1.24.x. As of February 10, 2026, with the official release of Go 1.26, Go 1.24 has reached its End of Life (EOL) according to the official Go Release Policy.
We need to upgrade the Go toolchain and runtime to a supported version (preferably 1.26, or at minimum 1.25) to ensure Tyk continues to receive critical security patches.
Business & Security Justification
Zero Security Patches: The Go project only supports the two most recent major releases. Go 1.24 will no longer receive any minor revisions for newly discovered CVEs in the standard library, crypto packages, or runtime.
Edge Security Risk: As an API Gateway, Tyk sits at the edge of the network. Running on an unsupported runtime introduces unacceptable security risks for production deployments.
Compliance Blockers: Many enterprise compliance frameworks (like SOC2, ISO 27001, and PCI-DSS) strictly require software to be built and run on vendor-supported, actively patched runtimes. Staying on 1.24 may flag Tyk in automated enterprise security and vulnerability scanners.