Skip to content
This repository has been archived by the owner on Apr 16, 2024. It is now read-only.

[New quic-go version] v0.38.2 #12

Closed
github-actions bot opened this issue Jan 1, 2024 · 0 comments
Closed

[New quic-go version] v0.38.2 #12

github-actions bot opened this issue Jan 1, 2024 · 0 comments
Labels
automated-issue github/release quic-go/quic-go

Comments

@github-actions
Copy link

github-actions bot commented Jan 1, 2024

This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:

  • limit the number of queued PATH_RESPONSE frames to 256 (#4199)
  • don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)

Full Changelog: v0.38.1...v0.38.2

https://github.com/quic-go/quic-go/releases/tag/v0.38.2
@sumire88 sumire88 closed this as not planned Won't fix, can't repro, duplicate, stale Jan 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
automated-issue github/release quic-go/quic-go
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sumire88