From 50fdd2d49af1cdcb9900222326fd5134e735d5e4 Mon Sep 17 00:00:00 2001
From: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
Date: Fri, 6 Feb 2026 00:27:53 +0100
Subject: [PATCH] [SECURITY] fix: Adjust the toolchain version (#36537)

# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 26a2b818ef..4593df66f2 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module code.gitea.io/gitea
 
 go 1.25.0
 
-toolchain go1.25.6
+toolchain go1.25.7
 
 // rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
 // But some CAs use negative serial number, just relax the check. related: