Skip to content

馃敀 0.20.1
Compare
Choose a tag to compare
@ghedo ghedo released this 12 Mar 18:02
· 101 commits to master since this release
0.20.1
This tag was signed with the committer鈥檚 verified signature.
ghedo Alessandro Ghedini
GPG key ID: 6F0CCBE021624728
Learn about vigilant mode.
dae27b7

鈿狅笍 Security:

  • Added a limit to how many connection IDs are locally queued for retirement. Without the limit an attacker could cause a server to queue an unbounded number of retired connection IDs, leading to a slow but steady increase in memory usage (CVE-2024-1410).
  • Added a limit to the maximum CRYPTO frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).

Full changelog at 0.20.0...0.20.1

Assets 2
Loading