Releases: refraction-networking/utls
Releases · refraction-networking/utls
v1.7.1
v1.7.0
What's Changed
- Fix Config.InsecureSkipTimeVerify not being respected by @adotkhan in #303
- Fixes session ticket / PSK not set by @adotkhan in #302
- fix: generate ClientHelloSpec only once by @adotkhan in #306
- fix: extMasterSecret mismatch with extended_master_secret extension by @adotkhan in #307
- Merge changes from go 1.23.4 by @mingyech in #323
- build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 by @dependabot in #326
- Merge changes from go 1.24.0 by @mingyech in #329
- Add Chrome 131 parrot and ML-KEM support by @BRUHItsABunny in #322
- feat: add support for ECH when using custom clienthello specs by @mingyech in #331
- Fix check for TLS downgrade canary by @mingyech in #337
- build(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 by @dependabot in #336
New Contributors
- @mingyech made their first contribution in #323
- @BRUHItsABunny made their first contribution in #322
Full Changelog: v1.6.7...v1.7.0
Contributors
mingyech, dependabot, and 2 other contributors
Assets 2
v1.6.7 Allow inspecting Client Hello before locking Session/PSK
What's Changed
- Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK by @adotkhan in #301
Full Changelog: v1.6.6...v1.6.7
Contributors
adotkhan
Assets 2
v1.6.6 Hotfix: QUIC must not send non-empty session ID by RFC
Contributors
gaukas
Assets 2
v1.6.5 Popular Firefox 120 parrot and deps update
What's Changed
- build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #293
- Update Firefox 120 parrot to a more popular version by @adotkhan in #296
New Contributors
Full Changelog: v1.6.4...v1.6.5
Contributors
dependabot and adotkhan
Assets 2
v1.6.4 bugfix: UConn incorrectly inherits Conn methods
What's Changed
- build(deps): bump github.com/quic-go/quic-go from 0.40.1 to 0.42.0 by @dependabot in #289
- fix:
(*UConn).Read()and Secure Renegotiation by @gaukas in #292
Full Changelog: v1.6.3...v1.6.4
Contributors
gaukas and dependabot
Assets 2
v1.6.3 Cryptographically Secured Shuffle
Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand. This patch is for some much restrictive platforms such as WebAssembly -- on which math/rand may generate deterministic output (e.g., same random number series from each cold start).
What's Changed
Full Changelog: v1.6.2...v1.6.3
Contributors
gaukas
Assets 2
v1.6.2 Dependency and Upstream Update
What's Changed
- deps: bump all deps to latest by @gaukas in #279
- ⬆️ sync: merge changes from golang/[email protected] release branch by @gaukas in #280
Full Changelog: v1.6.1...v1.6.2
Contributors
gaukas
Assets 2
v1.6.1 Hotfix: kyberslash2
Security Warning
This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.
What's Changed
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #273
- feat: parse GREASE ECH from raw by @gaukas in #276
- build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #277
Full Changelog: v1.6.0...v1.6.1
Contributors
gaukas and dependabot
Assets 2
v1.6.0 One step closer to ECH
What's New
- We now have GREASE ECH parrots (Chrome 120, Firefox 120) available!
What's Changed
- improvement: cleanup by @VeNoMouS in #253
- build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 by @dependabot in #254
- Deprecate usage of
OmitEmptyPskfield inPreSharedKeyExtension(closes #255) by @sleeyax in #256 - sync: go 1.21.4 by @gaukas in #261
- fix: no padding if raw clienthello is too short by @gaukas in #263
- new: vendor godicttls package by @gaukas in #265
- feat: add GREASEEncryptedClientHelloExtension by @gaukas in #266
- feat: chrome 120 non-pq client hello by @hax0r31337 in #268
- bump: firefox and chrome auto parrot to latest by @gaukas in #269
- fix: grease ech parrot for chrome 120 by @hax0r31337 in #271
- fix: incorrect firefox nss parrot ECH params by @gaukas in #272
New Contributors
- @sleeyax made their first contribution in #256
- @hax0r31337 made their first contribution in #268
Full Changelog: v1.5.4...v1.6.0
Contributors
VeNoMouS, gaukas, and 3 other contributors