🔒 0.20.1

@ghedo ghedo released this 12 Mar 18:02
· 136 commits to master since this release

⚠️ Security:

  • Added a limit to how many connection IDs are locally queued for retirement. Without the limit an attacker could cause a server to queue an unbounded number of retired connection IDs, leading to a slow but steady increase in memory usage (CVE-2024-1410).
  • Added a limit to the maximum CRYPTO frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).
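Both fixes above follow the same pattern: a hard cap on state that the peer can make the server hold. The sketch below is an added example, not quiche's own code; the `Conn` type, its method names and both limit values are assumptions, and the mapping to the RFC 9000 error codes `CONNECTION_ID_LIMIT_ERROR` and `CRYPTO_BUFFER_EXCEEDED` is what that RFC permits, not a statement of what quiche sends.

```rust
use std::collections::VecDeque;

const MAX_RETIRE_QUEUE: usize = 8; // assumed cap on IDs awaiting retirement
const MAX_CRYPTO_OFFSET: u64 = 16 * 1024; // assumed cap on buffered CRYPTO offset

#[derive(Debug, PartialEq)]
pub enum Error {
    IdLimit,              // would close with CONNECTION_ID_LIMIT_ERROR (RFC 9000)
    CryptoBufferExceeded, // would close with CRYPTO_BUFFER_EXCEEDED (RFC 9000)
}

#[derive(Default)]
pub struct Conn {
    retire_queue: VecDeque<u64>, // sequence numbers queued for retirement
    crypto_buf: Vec<u8>,         // reassembly buffer indexed by stream offset
}

impl Conn {
    /// Queue a connection ID for retirement, refusing once the cap is reached.
    pub fn queue_retire(&mut self, seq: u64) -> Result<(), Error> {
        if self.retire_queue.len() >= MAX_RETIRE_QUEUE {
            return Err(Error::IdLimit);
        }
        self.retire_queue.push_back(seq);
        Ok(())
    }

    /// Called once the retirement of the oldest queued ID has been sent.
    pub fn pop_retire(&mut self) -> Option<u64> {
        self.retire_queue.pop_front()
    }

    /// Buffer CRYPTO data, rejecting any frame that ends past the cap.
    pub fn recv_crypto(&mut self, offset: u64, data: &[u8]) -> Result<usize, Error> {
        let end = offset
            .checked_add(data.len() as u64) // offset is peer-controlled
            .filter(|&e| e <= MAX_CRYPTO_OFFSET)
            .ok_or(Error::CryptoBufferExceeded)? as usize;
        if self.crypto_buf.len() < end { self.crypto_buf.resize(end, 0); }
        self.crypto_buf[offset as usize..end].copy_from_slice(data);
        Ok(self.crypto_buf.len()) // bytes held, never above MAX_CRYPTO_OFFSET
    }
}

fn main() {
    let mut c = Conn::default();
    println!("{:?}", c.recv_crypto(MAX_CRYPTO_OFFSET, b"x"));
}
```

The limit is checked before anything is allocated or queued, so a rejected frame costs the server no memory.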

Full changelog at 0.20.0...0.20.1