Skip to content
This repository has been archived by the owner on Apr 16, 2024. It is now read-only.

[New quic-go version] v0.39.4 #11

Closed
github-actions bot opened this issue Jan 1, 2024 · 0 comments
Closed

[New quic-go version] v0.39.4 #11

github-actions bot opened this issue Jan 1, 2024 · 0 comments
Labels
automated-issue github/release quic-go/quic-go

Comments

@github-actions
Copy link

github-actions bot commented Jan 1, 2024

This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:

  • limit the number of queued PATH_RESPONSE frames to 256 (#4199)
  • don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)

Full Changelog: v0.39.3...v0.39.4

https://github.com/quic-go/quic-go/releases/tag/v0.39.4
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
automated-issue github/release quic-go/quic-go
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sumire88