🔐 0.20.0

⚠️ Security:

• Added a limit to how many PATH_CHALLENGE frames are queued. Without the limit an attacker could cause a server to queue an unbounded number of frames, leading to a slow but steady increase in memory usage (CVE-2023-6193).

Breaking Changes:

• Some methods related to connection IDs have been renamed to be more consistent. These are:
  • Connection::new_source_cid() -> Connection::new_scid()
  • Connection::active_source_cids() -> Connection::active_scids()
  • Connection::source_cids_left() -> Connection::scids_left()
  • Connection::retire_destination_cid() -> Connection::retire_dcid().

Highlights:

• Many new methods are now exposed via the FFI API that can be used by non-Rust code.
• Many more bug fixes and performance improvements.

Full changelog at 0.19.0...0.20.0