🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
Highlights:
Full changelog at https://github.com/cloudflare/quiche/compare/0.20.0...0.21.0
⚠️ Security:
CRYPTO
frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).Full changelog at https://github.com/cloudflare/quiche/compare/0.20.0...0.20.1
⚠️ Security:
CRYPTO
frame data offset that can be buffered. Without the limit an attacker could cause a server to queue an unbounded number of bytes, leading to a slow but steady increase in memory usage (CVE-2024-1765).Full changelog at https://github.com/cloudflare/quiche/compare/0.19.1...0.19.2
⚠️ Security:
PATH_CHALLENGE
frames are queued. Without the limit an attacker could cause a server to queue an unbounded number of frames, leading to a slow but steady increase in memory usage (CVE-2023-6193).Breaking Changes:
Connection::new_source_cid()
-> Connection::new_scid()
Connection::active_source_cids()
-> Connection::active_scids()
Connection::source_cids_left()
-> Connection::scids_left()
Connection::retire_destination_cid()
-> Connection::retire_dcid()
.Highlights:
Full changelog at https://github.com/cloudflare/quiche/compare/0.19.0...0.20.0
⚠️ Security:
PATH_CHALLENGE
frames are queued. Without the limit an attacker could cause a server to queue an unbounded number of frames, leading to a slow but steady increase in memory usage (CVE-2023-6193).Full changelog at https://github.com/cloudflare/quiche/compare/0.19.0...0.19.1
Breaking Changes:
Stats
(specifically fields representing transport parameters that were moved to Connection::peer_transport_params()
).Highlights:
Connection::peer_transport_params()
which returns TransportParams
representing the connection's peer's transport parameters.Full changelog at https://github.com/cloudflare/quiche/compare/0.18.0...0.19.0
Breaking Changes:
h3::Event::Datagram
enum variant and h3::Connection::dgram_send()
/ h3::Connection::dgram_recv()
/ h3::Connection::dgram_max_writable_len()
methods). Applications should use the transport-level APIs Connection::dgram_send()
and Connection::dgram_recv()
(see this change for example).Config::with_boring_ssl_ctx()
with Config::with_boring_ssl_ctx_builder()
which takes a SslContextBuilder
rather than SslContext
directly, for safety reasons.Highlights:
Connection::source_ids()
which returns all active source IDs, and Connection::retired_scids()
which returns the number of retired source IDs that haven't been returned to the application yet.Config::set_initial_congestion_window_packets()
to configure the initial congestion window size.Full changelog at https://github.com/cloudflare/quiche/compare/0.17.2...0.18.0
Highlights:
Config::set_max_pacing_rate()
to configure the maximum rate for pacing.Full changelog at https://github.com/cloudflare/quiche/compare/0.17.1...0.17.2
Breaking Changes:
Highlights:
Connection::send_ack_eliciting()
(and Connection::send_ack_eliciting_on_path()
) for the application to explicitly elicit an acknowledgment from the peer.Connection::timeout_instant()
to return timeout as std::time::Instant
instead of std::time::Duration
.Full changelog at https://github.com/cloudflare/quiche/compare/0.16.0...0.17.1
Highlights:
Config::enable_pacing()
to control whether pacing should be enabled.Full changelog at https://github.com/cloudflare/quiche/compare/0.15.0...0.16.0