This update for go1.18 fixes the following issues: * CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http . * CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart . * CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls . The following non-security bug was fixed: * Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 .