🦦 0.19.2

@ghedo ghedo released this 12 Mar 18:02
· 152 commits to master since this release

⚠️ Security:

  • Added a limit to how many connection IDs are locally queued for retirement. Without the limit, an attacker could cause a server to queue an unbounded number of retired connection IDs, leading to a slow but steady increase in memory usage (CVE-2024-1410).
  • Added a limit to the maximum CRYPTO frame data offset that can be buffered. Without the limit, an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).
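
The two limits above follow the same defensive pattern: peer-driven state is checked against a cap before it is stored. The sketch below is an added example, not quiche's code; `RetireQueue`, `check_crypto_frame`, `LimitError` and both cap values are assumptions chosen for illustration.

```rust
// Added illustration, not quiche's code: names and limit values are assumptions.
use std::collections::VecDeque;

const MAX_PENDING_RETIRE: usize = 8; // assumed cap on queued retirements
const MAX_CRYPTO_OFFSET: u64 = 64 * 1024; // assumed cap on buffered CRYPTO data

#[derive(Debug, PartialEq)]
pub enum LimitError {
    TooManyRetiredIds,
    CryptoOffsetTooLarge,
}

#[derive(Default)]
pub struct RetireQueue {
    pending: VecDeque<u64>, // sequence numbers still waiting to be retired
}

impl RetireQueue {
    /// Queue a connection ID for retirement; never grow past the cap.
    pub fn push(&mut self, seq: u64) -> Result<(), LimitError> {
        if self.pending.contains(&seq) { return Ok(()); } // duplicates cost nothing
        if self.pending.len() >= MAX_PENDING_RETIRE {
            // The caller is expected to fail the connection instead of storing more.
            return Err(LimitError::TooManyRetiredIds);
        }
        self.pending.push_back(seq);
        Ok(())
    }

    /// Drop the oldest entry once its retirement has gone out to the peer.
    pub fn pop_sent(&mut self) -> Option<u64> {
        self.pending.pop_front()
    }

    pub fn len(&self) -> usize { self.pending.len() }
}

/// Validate a CRYPTO frame before buffering it; returns the end offset.
/// checked_add keeps a huge offset from wrapping around the comparison.
pub fn check_crypto_frame(offset: u64, len: u64) -> Result<u64, LimitError> {
    match offset.checked_add(len) {
        Some(end) if end <= MAX_CRYPTO_OFFSET => Ok(end),
        _ => Err(LimitError::CryptoOffsetTooLarge),
    }
}

fn main() {
    let mut q = RetireQueue::default();
    let rejected = (0..100u64).filter(|&s| q.push(s).is_err()).count();
    println!("{} queued, {} rejected, far frame: {:?}", q.len(), rejected, check_crypto_frame(1 << 40, 1200));
}
```

In both checks the rejection happens before any allocation, so memory held per connection stays bounded regardless of how many frames the peer sends.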

Full changelog at 0.19.1...0.19.2