[medium] Update Go to 1.25.6+ to fix net/url and crypto/tls vulnerabilities

## Security Vulnerability Report

**Severity:** Medium

**Tool:** govulncheck

**Findings:**

1. **GO-2026-4341** - Memory exhaustion in query parameter parsing in `net/url`
   - Fixed in: `net/url@go1.25.6`
   - Affected: `internal/server/server.go:61`

2. **GO-2026-4340** - Handshake messages may be processed at the incorrect encryption level in `crypto/tls`
   - Fixed in: `crypto/tls@go1.25.6`
   - Affected: `internal/server/server.go:61`, `internal/tools/builtin.go:299`, `internal/tools/builtin.go:890`, `internal/session/notifier.go:137`

3. **GO-2026-4337** - Unexpected session resumption in `crypto/tls`
   - Fixed in: `crypto/tls@go1.25.7`
   - Affected: Same as above

**Recommendation:** Upgrade Go to version 1.25.7 or later.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[medium] Update Go to 1.25.6+ to fix net/url and crypto/tls vulnerabilities #1

Security Vulnerability Report

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[medium] Update Go to 1.25.6+ to fix net/url and crypto/tls vulnerabilities #1

Description

Security Vulnerability Report

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions