This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:

• limit the number of queued PATH_RESPONSE frames to 256 (#4199)
• don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)

Full Changelog: v0.38.1...v0.38.2