Skip to content

Releases: cloudflare/quiche

🔧 0.22.0

26 Jun 17:21
0.22.0
Compare
Choose a tag to compare

Breaking Changes:

  • The quiche_conn_stream_recv() and quiche_conn_stream_send() FFI functions now take an additional parameter out_error_code used to return more specific error information to the caller (similarly to what the Rust API already does).

Highlights:

  • Added number of acked bytes to the Stats structure.
  • The libquiche.so library, that exposes FFI bindings for C, will now have SONAME information.
  • Added configuration option to change the anti-amplification limit factor (default will still be "3", per RFC 9000).
  • Many more bug fixes and performance improvements.

Full changelog at 0.21.0...0.22.0

🛰️ 0.21.0

15 Apr 14:08
0.21.0
Compare
Choose a tag to compare

Highlights:

  • Added initial implementation of path MTU discovery. Note that this feature is experimental and might have bugs.
  • Added support to build against the "quictls" OpenSSL fork. Note that some features (e.g. 0-RTT) do not work yet in this mode.
  • Many more bug fixes and performance improvements.

Full changelog at 0.20.0...0.21.0

🔒 0.20.1

12 Mar 18:02
0.20.1
Compare
Choose a tag to compare

⚠️ Security:

  • Added a limit to how many connection IDs are locally queued for retirement. Without the limit an attacker could cause a server to queue an unbounded number of retired connection IDs, leading to a slow but steady increase in memory usage (CVE-2024-1410).
  • Added a limit to the maximum CRYPTO frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).

Full changelog at 0.20.0...0.20.1

🦦 0.19.2

12 Mar 18:02
0.19.2
Compare
Choose a tag to compare

⚠️ Security:

  • Added a limit to how many connection IDs are locally queued for retirement. Without the limit an attacker could cause a server to queue an unbounded number of retired connection IDs, leading to a slow but steady increase in memory usage (CVE-2024-1410).
  • Added a limit to the maximum CRYPTO frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).

Full changelog at 0.19.1...0.19.2

🔐 0.20.0

12 Dec 13:39
0.20.0
Compare
Choose a tag to compare

⚠️ Security:

  • Added a limit to how many PATH_CHALLENGE frames are queued. Without the limit an attacker could cause a server to queue an unbounded number of frames, leading to a slow but steady increase in memory usage (CVE-2023-6193).

Breaking Changes:

Highlights:

  • Many new methods are now exposed via the FFI API that can be used by non-Rust code.
  • Many more bug fixes and performance improvements.

Full changelog at 0.19.0...0.20.0

🛡️ 0.19.1

12 Dec 13:29
0.19.1
Compare
Choose a tag to compare

⚠️ Security:

  • Added a limit to how many PATH_CHALLENGE frames are queued. Without the limit an attacker could cause a server to queue an unbounded number of frames, leading to a slow but steady increase in memory usage (CVE-2023-6193).

Full changelog at 0.19.0...0.19.1

🛩️ 0.19.0

10 Nov 13:00
0.19.0
Compare
Choose a tag to compare

Breaking Changes:

Highlights:

  • Added experimental support for the BBRv2 congestion control algorithm. ⚠️ Note that more work is needed on this (particularly implementing changes to update to the newer BBRv3), so it's not quite production-ready yet, and will later be merged with the existing BBRv1 implementation.
  • Added Connection::peer_transport_params() which returns TransportParams representing the connection's peer's transport parameters.
  • Many more bug fixes and performance improvements.

Full changelog at 0.18.0...0.19.0

🔀 0.18.0

22 Aug 14:49
0.18.0
Compare
Choose a tag to compare

Breaking Changes:

  • Removed pre-RFC QUIC and HTTP/3 support (specifically for drafts 27, 28 and 29). Now only the final QUIC and HTTP/3 versions are supported.
  • Removed the HTTP/3 DATAGRAM API (specifically the h3::Event::Datagram enum variant and h3::Connection::dgram_send() / h3::Connection::dgram_recv() / h3::Connection::dgram_max_writable_len() methods). Applications should use the transport-level APIs Connection::dgram_send() and Connection::dgram_recv() (see this change for example).
  • Replaced Config::with_boring_ssl_ctx() with Config::with_boring_ssl_ctx_builder() which takes a SslContextBuilder rather than SslContext directly, for safety reasons.

Highlights:

  • Massively improved the stream prioritization implementation, which is now much more accurate and reliable (this is largely transparent to applications, as the API hasn't changed).
  • Added support for the final specification of DATAGRAMs (RFC 9297). Currently both draft and final versions are supported, but the draft support will be removed in a future release.
  • Added some APIs to make working with migration and multiple CIDs easier. Specifically Connection::source_ids() which returns all active source IDs, and Connection::retired_scids() which returns the number of retired source IDs that haven't been returned to the application yet.
  • Added Config::set_initial_congestion_window_packets() to configure the initial congestion window size.
  • Many more bug fixes and performance improvements.

Full changelog at 0.17.2...0.18.0

🏃‍♀️ 0.17.2

10 May 10:36
0.17.2
Compare
Choose a tag to compare

Highlights:

Full changelog at 0.17.1...0.17.2

🗝️ 0.17.1

30 Mar 08:51
Compare
Choose a tag to compare

Breaking Changes:

  • The minimum required rust version was bumped to 1.66.

Highlights:

Full changelog at 0.16.0...0.17.1