go http/2

The go http/2 tag on WindowsForum.com covers discussions about Go's HTTP/2 implementation, including security vulnerabilities and fixes. A notable thread addresses CVE-2026-33814, a denial-of-service flaw in Go HTTP/2 clients disclosed in May 2026, fixed in Go 1.26.3 and 1.25.10. The vulnerability allows a malicious server to cause a Go client to loop endlessly after receiving an invalid SETTINGS_MAX_FRAME_SIZE value of zero. It is not a remote-code-execution bug and does not expose credentials. For Windows environments running Go-based services, agents, CLIs, proxies, updaters, or observability tools, this distinction is important because the vulnerable component may not be at the public edge. The tag focuses on practical security and operational impacts for Go HTTP/2 users on Windows.