[New quic-go version] v0.40.1
Closed this issue · 0 comments
github-actions commented
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.40.0...v0.40.1