go1.4 was updated to fix the following vulnerabilities:

- CVE-2016-5386: Remote attacker could have set the application's HTTP_PROXY environment variable via Proxy headers (boo#988487)