@jxs reported a denial of service issue in quinn-proto 5 days ago:
We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.
Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.