🛡️ 0.24.4
⚠️ Security:
- Implemented proper ACK range validation. Without this an attacker could cause the congestion window to grow beyond typical expectations by sending ACK frames covering a large range of packet numbers, which could potentially lead to an overflow and a crash (CVE-2025-4821).
- Implemented mitigations for optimistic ACK attacks. Without this an attacker could cause the congestion window to grow beyond typical expectations by sending ACK frames covering a large range of packet numbers, allowing more bytes in flight than the path might really support (CVE-2025-4820).
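The two checks named above, sketched as an added example that is not quiche's own code: ACK ranges are validated against what was actually sent before anything is credited, and an ACK for a deliberately skipped packet number is rejected, the detection approach described in RFC 9000 section 21.4. `SentTracker` and `AckError` are hypothetical names, and whether quiche's mitigation works this way is an assumption.

```rust
use std::collections::BTreeSet;
use std::ops::RangeInclusive;

// Hypothetical sender-side state; these are not quiche's types.
#[derive(Default)]
pub struct SentTracker {
    next_pn: u64,             // next unused packet number
    skipped: BTreeSet<u64>,   // numbers deliberately never sent
    in_flight: BTreeSet<u64>, // sent and not yet acknowledged
}

#[derive(Debug, PartialEq)]
pub enum AckError { MalformedRange, BeyondLargestSent, AckedSkippedPacket }

impl SentTracker {
    /// Record a sent packet, optionally burning one packet number first.
    pub fn on_send(&mut self, skip: bool) -> u64 {
        if skip {
            self.skipped.insert(self.next_pn);
            self.next_pn += 1;
        }
        let pn = self.next_pn;
        self.in_flight.insert(pn);
        self.next_pn += 1;
        pn
    }

    /// Validate every range before crediting anything; returns newly acked count.
    pub fn on_ack(&mut self, ranges: &[RangeInclusive<u64>]) -> Result<usize, AckError> {
        for r in ranges {
            if r.start() > r.end() { return Err(AckError::MalformedRange); }
            if *r.end() >= self.next_pn { return Err(AckError::BeyondLargestSent); }
            if self.skipped.range(r.clone()).next().is_some() {
                return Err(AckError::AckedSkippedPacket);
            }
        }
        let mut newly_acked = 0;
        for r in ranges {
            // Walk only tracked packets, so cost does not scale with range width.
            let hits: Vec<u64> = self.in_flight.range(r.clone()).copied().collect();
            newly_acked += hits.len();
            for pn in hits { self.in_flight.remove(&pn); }
        }
        Ok(newly_acked)
    }
}

fn main() {
    let mut t = SentTracker::default();
    for skip in [false, false, true] { t.on_send(skip); } // sends 0, 1, 3; skips 2
    println!("{:?}", t.on_ack(&[0..=1_000_000])); // constructed oversized ACK
}
```

A real endpoint would map any of these errors to a connection error rather than feeding the acknowledged bytes into congestion control.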
Highlights:
- Added `Config::set_send_capacity_factor()` to control the amount of stream data that can be buffered within quiche.
- Added a new stat for reporting spuriously lost packets.
- Many more bug fixes and performance improvements.
Full changelog at https://github.com/cloudflare/quiche/compare/0.24.0...0.24.4