v1.4.1

@savsgio savsgio released this 01 Sep 13:01
· 172 commits to master since this release

Notable Changes

⚠️ This release fixes a potential denial-of-service (DoS) vector in gorilla/websocket, and we recommend that all users upgrade to this version (v1.4.1) or later.

The vulnerability could allow an attacker to consume excessive amounts of memory on the server by bypassing read limits, and potentially cause the server to go out-of-memory (OOM).

See the published security advisory for more details.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

CHANGELOG

  • cdeeb14 Upgrade gotils (Sergio Andres Virviescas Santana)
  • 9f866a0 Upgrade fasthttp to v1.4.0 (Sergio Andres Virviescas Santana)
  • 1f864ca Create SECURITY.md (Kirill Danshin)
  • 898d5d0 Upgrade fasthttp to v1.3.0 and gotils (Sergio Andres Virviescas Santana)
  • d07f92a Add support to go 1.12 (Sergio Andres Virviescas Santana)
  • 8e5a1dc Upgrade fasthttp to v1.2.0 (Sergio Andres Virviescas Santana)
  • 7eb5830 Avoid defer (Sergio Andres Virviescas Santana)
  • 6af130c Upgrade fasthttp and gotils (Sergio Andres Virviescas Santana)
  • 9ead52e Improvements (Sergio Andres Virviescas Santana)
  • 7301318 Update README, dep will be deprecated (Sergio Andres Virviescas Santana)
  • 9ffe4aa Remove dep support (Sergio Andres Virviescas Santana)
  • 55b3f8b Support Go modules (Sergio Andres Virviescas Santana)
  • 184a914 Add "in bytes" to sizes in fasthttp documentation (Sergio Andres Virviescas Santana)