You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
No actively exploited issues, but it includes update to go-libp2p 0.34 which comes with two types of fixes that have security impact short/mid-term:
Resource manager that is now IP aware, and ships with preconfigured connection limits per CIDR, making unknown / future DoS attacks more expensive (connection-based DoS have to become DDoS, coming from different networks).
Stability/security fixes for /webrtc-direct transport as well. It is not used by many nodes atm, but will be enabled by default in Kubo 0.30, and the more nodes will expose such listener, Brave users will start connecting over this transport to peers that don't have other transports (even if Brave is stuck on older version, the majority of swarm will upgrade).
Ack, I understand the feasibility of this update depends on ETA of #37735 (fwiw Kubo release cadence is every ~5 weeks, and Brave is already 2 versions behind).
cc @cypt4 (#37578 can be closed)
Signed Binaries: https://dist.ipfs.tech/kubo/v0.29.0/
Release Notes: https://github.com/ipfs/kubo/blob/master/docs/changelogs/v0.29.md (ipfs/kubo#10353)
The text was updated successfully, but these errors were encountered: