Skip to content

v0.5.0
Compare
Choose a tag to compare
@pires pires released this 05 Mar 12:20
· 48 commits to main since this release
v0.5.0
7f48261
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Bugfixes

The two bugs addressed below are considered serious security issues that can lead to DoS. I cannot express how thankful I am for @isedev for sharing the problem and the solution <3

  • v1: enforce header maximum size of 107 bytes to avoid unbounded memory consumption (#71)
  • v1: sender must always ensure that the header is sent at once to avoid slow loris attack (#71)

Improvements

  • Add PP2_TYPE_UNIQUE_ID (#67) thanks to @TimWolla
  • Add ReadFrom/WriteTo to increase performance when proxying wrapped connections using io.Copy (#68) thanks to @databus23
Assets 2
Loading