v0.28.2

github-actions released this 03 Aug 21:27

This patch release contains backports of:

  • Updating the qtls dependencies (qtls is quic-go's fork of crypto/tls). The new versions contain a backport, for quic-go's crypto/tls fork, of the Go standard library fix included in the Go 1.20.7 / 1.19.12 releases: golang/go@2350afd
  • core/crypto: restrict RSA keys to <= 8192 bits: #2454. This fixes the analogous vulnerability in go-libp2p's crypto package.
  • swarm: don't open new streams over transient connections: #2450. This fixes a regression introduced in v0.26.0.

Note that in order to be protected against the DoS attack making use of large RSA keys, it's necessary to update to this patch release AND to use the updated Go compiler (1.20.7 or 1.19.12, respectively).
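
An added example, not code from go-libp2p or this release: one way to enforce the 8192-bit limit on an RSA public key received from an untrusted peer, checking the modulus size right after decoding and before any signature verification. The names `maxRSAKeyBits`, `errRSAKeyTooBig`, `parsePeerRSAKey` and `constructedKeyDER` are hypothetical, and the sample keys are constructed.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
)

// Hypothetical names for this example; the 8192-bit limit is from the release notes.
const maxRSAKeyBits = 8192

var errRSAKeyTooBig = errors.New("rsa: key larger than 8192 bits")

// parsePeerRSAKey decodes a PKIX/DER public key from an untrusted peer and
// rejects oversized moduli. BitLen only inspects the size of the integer, so
// the check is cheap and runs before any modular exponentiation.
func parsePeerRSAKey(der []byte) (*rsa.PublicKey, error) {
	parsed, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("not an RSA public key")
	}
	if pub.N.BitLen() > maxRSAKeyBits {
		return nil, errRSAKeyTooBig
	}
	return pub, nil
}

// constructedKeyDER builds a sample key whose modulus is exactly `bits` bits.
// The modulus is synthetic (not a product of two primes); only its size matters.
func constructedKeyDER(bits int) ([]byte, error) {
	n := new(big.Int).Lsh(big.NewInt(1), uint(bits-1))
	n.SetBit(n, 0, 1) // keep the modulus odd
	return x509.MarshalPKIXPublicKey(&rsa.PublicKey{N: n, E: 65537})
}

func main() {
	for _, bits := range []int{2048, 8192, 8193, 16384} {
		der, _ := constructedKeyDER(bits)
		_, err := parsePeerRSAKey(der)
		fmt.Printf("%5d-bit key: err=%v\n", bits, err)
	}
}
```

A check like this covers only keys the application parses itself; keys handled inside the TLS stack depend on the updated compiler and qtls versions named above.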

Full Changelog: v0.28.1...v0.28.2