Releases: refraction-networking/utls
Releases · refraction-networking/utls
v1.6.7 Allow inspecting Client Hello before locking Session/PSK
What's Changed
- Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK by @adotkhan in #301
Full Changelog: v1.6.6...v1.6.7
v1.6.6 Hotfix: QUIC must not send non-empty session ID by RFC
v1.6.5 Popular Firefox 120 parrot and deps update
What's Changed
- build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #293
- Update Firefox 120 parrot to a more popular version by @adotkhan in #296
New Contributors
Full Changelog: v1.6.4...v1.6.5
v1.6.4 bugfix: UConn incorrectly inherits Conn methods
What's Changed
- build(deps): bump github.com/quic-go/quic-go from 0.40.1 to 0.42.0 by @dependabot in #289
- fix:
(*UConn).Read()
and Secure Renegotiation by @gaukas in #292
Full Changelog: v1.6.3...v1.6.4
v1.6.3 Cryptographically Secured Shuffle
Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand
. This patch is for some much restrictive platforms such as WebAssembly -- on which math/rand
may generate deterministic output (e.g., same random number series from each cold start).
What's Changed
Full Changelog: v1.6.2...v1.6.3
v1.6.2 Dependency and Upstream Update
What's Changed
- deps: bump all deps to latest by @gaukas in #279
- ⬆️ sync: merge changes from golang/[email protected] release branch by @gaukas in #280
Full Changelog: v1.6.1...v1.6.2
v1.6.1 Hotfix: kyberslash2
Security Warning
This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.
What's Changed
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #273
- feat: parse GREASE ECH from raw by @gaukas in #276
- build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #277
Full Changelog: v1.6.0...v1.6.1
v1.6.0 One step closer to ECH
What's New
- We now have GREASE ECH parrots (Chrome 120, Firefox 120) available!
What's Changed
- improvement: cleanup by @VeNoMouS in #253
- build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 by @dependabot in #254
- Deprecate usage of
OmitEmptyPsk
field inPreSharedKeyExtension
(closes #255) by @sleeyax in #256 - sync: go 1.21.4 by @gaukas in #261
- fix: no padding if raw clienthello is too short by @gaukas in #263
- new: vendor godicttls package by @gaukas in #265
- feat: add GREASEEncryptedClientHelloExtension by @gaukas in #266
- feat: chrome 120 non-pq client hello by @hax0r31337 in #268
- bump: firefox and chrome auto parrot to latest by @gaukas in #269
- fix: grease ech parrot for chrome 120 by @hax0r31337 in #271
- fix: incorrect firefox nss parrot ECH params by @gaukas in #272
New Contributors
- @sleeyax made their first contribution in #256
- @hax0r31337 made their first contribution in #268
Full Changelog: v1.5.4...v1.6.0
v1.5.4 Maintenance: bugfix and undo breaking API
What's Changed
- fix link to issues by @acheong08 in #244
- fix: sanity check status request v2 extension data (#246) by @VeNoMouS in #247
- feat: add an option to skip resumption on nil ext & update examples by @3andne in #239
- fix: Reuse existing PreSharedKeyExtension bug (#248) by @VeNoMouS in #251
- improvement: maintenance+cleanup+fix by @gaukas in #252
New Contributors
- @acheong08 made their first contribution in #244
- @VeNoMouS made their first contribution in #247
Full Changelog: v1.5.3...v1.5.4
v1.5.3 Hotfix: secondary key share
What's Changed
Full Changelog: v1.5.2...v1.5.3