Releases: mostynb/go-grpc-compression
Releases · mostynb/go-grpc-compression
v1.2.3
This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)
This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.
https://opentelemetry.io/blog/2024/cve-2024-36129/
GHSA-c74f-6mfw-mm4v
v1.2.2
v1.2.1
v1.2.0
v1.1.19
v1.1.18
v1.1.17: add experimental s2 and klauspost_snappy
v1.1.16: upgrade github.com/klauspost/compress to v1.14.1
Upgrade zstd to 1.14.1
v1.1.15: Upgrade lz4 to v3
Run the tests on push and PR updates
v1.1.14: upgrade github.com/klauspost/compress to v1.13.6, google.golang.org/grpc to v1.42.0
Upgrade github.com/klauspost/compress to v1.13.6 and google.golang.org/grpc to v1.42.0.
This includes the following zstd improvements since v1.13.4:
- pooledZipWriter should return Writers to the same klauspost/compress#426