v0.38.2
·
301 commits
to master
since this release
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.38.1...v0.38.2