Skip to content

v1.6.1 Hotfix: kyberslash2
Compare
Choose a tag to compare
@gaukas gaukas released this 08 Jan 17:06
· 238 commits to master since this release
v1.6.1
This tag was signed with the committer’s verified signature.
gaukas Gaukas Wang
GPG key ID: 9E2F8986D76F8B5D
Learn about vigilant mode.
8b9a63f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Security Warning

This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.

What's Changed

  • build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #273
  • feat: parse GREASE ECH from raw by @gaukas in #276
  • build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #277

Full Changelog: v1.6.0...v1.6.1

Contributors

gaukas and dependabot
Assets 2