Sourced fromgithub.com/pion/dtls/v2's releases.

v2.2.4

Security

This release contains 2 patches by@​nerd2 from Motorola Solutions that could lead to panics at runtime. We'd like to thank Sam for finding and responsibly disclosing the vulnerabilities to@​pion/security.

• GHSA-4xgv-j62q-h3rj
• GHSA-hxp2-xqf3-v83h

Changelog

• 9e922d5 Add fuzz tests for handshake
• a50d26c Fix panic unmarshalling hello verify request
• 7a14903 Fix OOB read in server hello

v2.2.3

Changelog

• 8b8bc87 Update module github.com/pion/udp to v0.1.4

v2.2.2

Changelog

• 0473adf Add SkipHelloVerify option to dTLS
• 11ea8c2 Update module golang.org/x/crypto to v0.5.0
• f3c7b2d Update module golang.org/x/net to v0.5.0
• 3dca8e4 Update github.com/pion/transport to v2
• 3606b0d Use Go's built-in fuzzing tool instead of go-fuzz
• b122250 Update CI configs to v0.10.3
• 6aaf97c Fix fuzzing of recordLayer
• 3a6f531 Update CI configs to v0.10.1
• d0f27fe Update module github.com/pion/udp to v0.1.2
• 205e480 Update CI configs to v0.9.0
• f40c61d Update hash name check to be case insensitive
• 3026357 Update module golang.org/x/crypto to v0.4.0
• 08c3602 Update module golang.org/x/net to v0.4.0
• 5e7f90f Update CI configs to v0.8.1
• c21afb8 Ignore lint error on Subjects() deprecation
• 0b11454 Update module golang.org/x/crypto to v0.3.0
• 265bf7a Update module golang.org/x/net to v0.2.0
• f4896b5 Update module github.com/pion/transport to v0.14.1
• 1209570 Update module github.com/pion/transport to v0.14.0
• 8eed8ed Update module golang.org/x/crypto to v0.1.0
• 4ae7e13 Update CI configs to v0.8.0
• 984d41b Update golang.org/x/net digest to 107f3e3
• aabc687 Update golang.org/x/crypto digest to eccd636
• 4f8fa1e Update golang.org/x/crypto digest to c86fa9a
• 980895f Update golang.org/x/net digest to 83b083e
• a04cfcc Implement GetCertificate and GetClientCertificate
• 43968a2 Close connection when handshake timeout occurs
• b8ebc62 Set e2e/Dockerfile to golang:1.18-bullseye
• 82c1271 Implement VerifyConnection as is in tls.Config
• de299f5 Make the Elliptic curves and order configurable

... (truncated)

• 9e922d5 Add fuzz tests for handshake
• a50d26c Fix panic unmarshalling hello verify request
• 7a14903 Fix OOB read in server hello
• 8b8bc87 Update module github.com/pion/udp to v0.1.4
• 0473adf Add SkipHelloVerify option to dTLS
• 11ea8c2 Update module golang.org/x/crypto to v0.5.0
• f3c7b2d Update module golang.org/x/net to v0.5.0
• 3dca8e4 Update github.com/pion/transport to v2
• 3606b0d Use Go's built-in fuzzing tool instead of go-fuzz
• b122250 Update CI configs to v0.10.3
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)