🛡️ 0.29.2

⚠️ Security:

• Fixed a use-after-free in quiche_connection_id_iter_next(), which is part of quiche's C FFI API. The iterator previously returned a pointer to a cloned connection ID whose backing storage was dropped before the caller could read it. It now returns pointers to connection IDs owned by the iterator.
• Fixed a use-after-free in quiche_conn_retired_scid_next(), which is also part of the C FFI API. The function previously returned a pointer to a retired source connection ID whose backing storage was dropped before the caller could read it. It has been replaced by quiche_conn_retired_scid_iter(), which drains retired source connection IDs into an iterator before exposing them to callers.

The C FFI API is disabled by default via the ffi feature. The normal Rust API is not affected by these issues.

Breaking changes:

• The C API function quiche_conn_retired_scid_next() was removed and replaced with quiche_conn_retired_scid_iter() to avoid returning pointers to temporary memory. Applications using quiche_conn_retired_scid_next() should call quiche_conn_retired_scid_iter(conn), iterate with quiche_connection_id_iter_next(), and release the iterator with quiche_connection_id_iter_free().

Highlights:

• Fixed stream send-buffer accounting so congestion controller app-limited detection and Stats::tx_buffered_state track the actual bytes buffered in stream send buffers. This avoids buffered byte-count drift across retransmissions, ACKs, and stream shutdown/reset paths.

Full changelog at 0.29.1...0.29.2