The fixes cover three packages: crypto/x509 (certificate parsing), mime (header parsing), and net/textproto (HTTP header handling). Any service that processes untrusted certificates or HTTP headers should treat this as a prompt upgrade — the textproto surface in particular has a history of being exploitable in HTTP request-smuggling scenarios. Bug fixes to the compiler, runtime, go fix, and crypto/fips140 round out the release.