Subject: CVS commit: pkgsrc/lang/go
From: Benny Siegert
Date: 2016-07-18 22:37:40
Message id: 20160718203740.682D2FBB5@cvs.NetBSD.org

Log Message:
Update Go to 1.6.3.

A security-related issue was recently reported in Go's net/http/cgi package and
net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 contain
a fix for this issue.

Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation flaw in
the CGI components resulting in the HTTP_PROXY environment variable being set
by the incoming Proxy header. This environment variable was also used to set
the outgoing proxy, enabling an attacker to insert a proxy into outgoing
requests of a CGI program.

This is CVE-2016-5386 and was addressed by this change:
https://golang.org/cl/25010, tracked in this issue:
https://golang.org/issue/16405

The Go team would like to thank Dominic Scheirlinck for coordinating disclosure
of this issue across multiple languages and CGI environments. Read more about
"httpoxy" here: https://httpoxy.org/

Go 1.6.3 also adds support for macOS Sierra. See https://golang.org/issue/16354
for details.

Files:
Revision  Action  File
1.43      modify  pkgsrc/lang/go/Makefile
1.37      modify  pkgsrc/lang/go/distinfo
1.15      modify  pkgsrc/lang/go/version.mk
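
Added example, not part of the commit or of Go's source: a Go sketch of the header-to-environment mapping the log message describes, with the Proxy header dropped in the hardened mode, plus a check that refuses HTTP_PROXY when REQUEST_METHOD marks a CGI process. The helper names, the sample headers and proxy.example.invalid are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// cgiHeaderEnv maps request headers to CGI meta-variables: "Some-Header: v"
// becomes HTTP_SOME_HEADER=v. With dropProxy set, the client-supplied Proxy
// header is skipped. Hypothetical helper, not Go's own code.
func cgiHeaderEnv(h http.Header, dropProxy bool) map[string]string {
	env := map[string]string{"REQUEST_METHOD": "GET"} // set by any CGI host
	for name, values := range h {
		key := strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		if dropProxy && key == "PROXY" {
			continue // never let a request header become HTTP_PROXY
		}
		env["HTTP_"+key] = strings.Join(values, ", ")
	}
	return env
}

// outboundProxy picks the proxy for outgoing requests. If REQUEST_METHOD is
// present the process runs as CGI, where HTTP_PROXY may come from the client,
// so the value is refused instead of trusted (hypothetical helper).
func outboundProxy(env map[string]string) (string, error) {
	p := env["HTTP_PROXY"]
	if p != "" && env["REQUEST_METHOD"] != "" {
		return "", errors.New("refusing HTTP_PROXY in a CGI environment")
	}
	return p, nil
}

// sampleHeaders returns a constructed request header set.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Set("User-Agent", "demo/1.0")
	h.Set("Proxy", "http://proxy.example.invalid:8080")
	return h
}

func main() {
	for _, drop := range []bool{false, true} {
		env := cgiHeaderEnv(sampleHeaders(), drop)
		p, err := outboundProxy(env)
		fmt.Printf("dropProxy=%v HTTP_PROXY=%q proxy=%q err=%v\n", drop, env["HTTP_PROXY"], p, err)
	}
}
```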