net/http: Inconsistent HTTP/s_PROXY precendence
Read on GitHub Proposal Details the golang net/http package has an inconsistency with other similar implementations that handles PROXY environment variable. the uppe
Issue #13
Auth bypass in Fleet MDM and OTel exporter memory exhaustion patched
Three Go vulnerability advisories land: an authentication bypass on the Windows MDM management endpoint in github.com/fleetdm/fleet/v4, unbounded HTTP response body reads in the OpenTelemetry OTLP exporters that can exhaust memory, and uncontrolled memory allocation when parsing SPDY frames in github.com/moby/spdystream.
Wednesday, May 27, 2026 · Issue #13
🐿️ Auth bypass in Fleet MDM and OTel exporter memory exhaustion patched
Three Go vulnerability advisories land: an authentication bypass on the Windows MDM management endpoint in github.com/fleetdm/fleet/v4, unbounded HTTP response body reads in the OpenTelemetry OTLP exporters that can exhaust memory, and uncontrolled memory allocation when parsing SPDY frames in github.com/moby/spdystream.
Proposals 2
proposal: net/http: add Transport.MaxRequestsPerConn
Read on GitHub Proposal Details Problem Brief The LIFO implementation of the http.Transport idle connection pool can interact badly with some workloads causing back
Discussions 8
How do you handle rollback when the client disconnects mid-saga?
Read on Reddit I'm working on a multi-step provisioning pipeline (5+ gRPC calls). The thing that bit me recently was: HTTP client gives up halfway, ctx is cancelled, and now I have half-allocated resources nobody's
I built Cordium - a FOSS general-purpose sandbox platform in Go
Read on Reddit Cordium is a project that I have been working on for a long time and now I am open sourcing it under Apache 2.0. It was initially meant as a remote development environment (i.e. similar to GitHub Code
Go + Eino ADK Quickstart: Master Core AI Agent Design Patterns
Read on Reddit Build composable, interruptible multi-agent workflows in Go with Eino’s unified Agent abstraction—ReAct, WorkflowAgents, Supervisor, Plan-Execute-Replan, and DeepAgents.
Windows Defender flagged my open-source MCP security scanner as a Trojan. 1/71 engines on VirusTotal. Here's what happened.
Read on Reddit I built MCPSense, an open source CLI tool that scans MCP (Model Context Protocol) server configs for security issues like command injection, credential leaks, and prompt injection. Written in Go, comp
Articles 5
Shipping Your Machine: Building a Container in 50 Lines of Code (Part 2)
Read on Dev.to Welcome Back to the Jailhouse In Part 1 of this series, we built the foundation of our...
I Built a REST Microservice With a Database in 3 Files — and Wrote Zero Code
Read on Dev.to Mycel is a declarative microservice framework for Go. You don't write the service — you declare it in HCL, and the runtime serves it. Here's the whole thing in three files, running in two minutes.
I built a free Bitly/TinyURL alternative and self-hosted it on a $6/mo VPS — here's the full stack
Read on Dev.to I got tired of Bitly limiting me to 10 links/month for free and TinyURL having zero analytics. So I...
Why I Reach for Go When Building Backend Services
Read on Medium I use TypeScript often. I like Python for the things Python is great at. I have built backend services in Node.js, worked across different& x2026; Continue reading on Medium »
7 Go Engineering Lessons I Learned the Hard Way
Read on Medium We were running a Go background job system alongside a Rails monolith, scaling EC2 clusters based on Redis queue depth, and breaking& x2026; Continue reading on Level Up Coding »
Videos 5
Mythfall - Grappling with the skill tree (Golang MMO)
Read on YouTube Welcome! Here we do all things programming. Mostly in Golang, but sometimes in other languages. My main objective is to write ...
Payment Processor System | Weekend Dev 50 | Golang Projects
Read on YouTube In this video, we build the Payment Processor System, a Golang project focused on handling and validating financial transactions.
CLI Expense Tracker | Weekend Dev 50 | Golang Projects
Read on YouTube In this video, we build the CLI Expense Tracker, a Golang project for managing personal expenses through the command line.
HTML Link Extractor | Weekend Dev 50 | Golang Projects
Read on YouTube In this video, we build the HTML Link Extractor, a Golang utility that extracts and processes links from web pages. You will learn ...
Trending 5
glanceapp/glance
Read on GitHub Trending A self-hosted dashboard that puts all your feeds in one place
harness/harness
Read on GitHub Trending Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries.
caddyserver/caddy
Read on GitHub Trending Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
prometheus/prometheus
Read on GitHub Trending The Prometheus monitoring system and time series database.
gin-gonic/gin
Read on GitHub Trending Gin is a high-performance HTTP web framework written in Go. It provides a Martini-like API but with significantly better performance—up to 40 times faster—thanks to httprouter. Gin is designed for
Security 3
Windows MDM management endpoint authentication bypass in github.com/fleetdm/fleet/v4
Read on Go Vulnerabilities Windows MDM management endpoint authentication bypass in github.com/fleetdm/fleet/v4
Oversized OTLP HTTP response bodies can cause memory exhaustion in go.opentelemetry.io/otel/exporters/otlp
Read on Go Vulnerabilities The OTLP HTTP exporters (traces, metrics, and logs) do not limit the size of the HTTP response body read from the collector. A malicious or misconfigured collector can send a large response body, lead
Uncontrolled resource consumption when parsing SPDY frames in github.com/moby/spdystream
Read on Go Vulnerabilities The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause
Get the digest in your inbox
The best Go stories from across the community, ranked and delivered weekday mornings. Free, no spam.