There's a breaking change in Go 1.24.8 and 1.25.2 that causes PostgreSQL database connection failures with TLS certificate parsing errors. This may be the issue we've been experiencing.

*Question for @dkirwan:* Could this be the database connection issue we've been experiencing? The timeline matches (issue appeared ~4 days ago when Go 1.24.8 was released), and the symptoms align with TLS certificate validation failures.

*Upstream:* Forgejo #9656(https://codeberg.org/forgejo/forgejo/issues/9656) (confirmed bug)

A regression was introduced in Go 1.24.8 and 1.25.2 that breaks database connections when using TLS/SSL with PostgreSQL. The issue manifests as:

```
Failed to initialize ORM engine: tls: failed to parse certificate from server: x509: SAN dNSName is malformed
```

*Affected versions:*

• Go 1.24.8 (broken)
• Go 1.25.2 (broken)
• Go 1.24.7 and earlier (working)
• Go 1.25.1 and earlier (working)

*Upstream Go issues:*

• Original bug: https://github.com/golang/go/issues/75828
• Backport fix for 1.25.3: https://github.com/golang/go/issues/75861
• Practical report: https://github.com/CrunchyData/postgres-operator/issues/4316

The Forgejo v13 experimental images (`13.0-rootless`) built in the last few days use Go 1.24.8, causing all instances connecting to PostgreSQL to fail during initialization.

Upstream is working on fixes in Go 1.24.9 and 1.25.3. Temporary workaround: pin to Go 1.24.7 or 1.25.1.