github txlog/server v1.18.5

latest release: v1.18.6
one day ago

🔒 Security Release

This release addresses CVE-2025-64702, a security vulnerability in the HTTP/3 implementation.

Security

  • Fixed CVE-2025-64702 HTTP/3 QPACK Header Expansion DoS vulnerability by updating github.com/quic-go/quic-go from v0.54.1 to v0.57.0.

Details

The CVE-2025-64702 QPACK header expansion vulnerability could allow an attacker to trigger a Denial of Service (DoS) attack against servers using HTTP/3. This update patches the vulnerability by upgrading to the fixed version of the quic-go library.

Dependency Updates

Package                      Previous   Updated
github.com/quic-go/quic-go   v0.54.1    v0.57.0
github.com/quic-go/qpack     v0.5.1     v0.6.0
go.uber.org/mock             v0.5.0     v0.5.2

Recommendation

All users are encouraged to upgrade to this version immediately to mitigate the security risk.
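
To confirm that a build or fork of the server actually picked up the dependency bump, the Go program below scans go.mod text and reports quic-go or qpack entries pinned below the "Updated" versions in the table above. It is an added example, not part of the txlog/server release or code base; the names wanted, rank and Outdated and the sample go.mod fragment are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Versions this release ships, copied from the Dependency Updates table.
var wanted = map[string]string{
	"github.com/quic-go/quic-go": "v0.57.0",
	"github.com/quic-go/qpack":   "v0.6.0",
}

// rank maps "vX.Y.Z" to a sortable integer; a "-suffix" (pre-release) ranks just below its release.
func rank(v string) (int, error) {
	var major, minor, patch int
	_, err := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch)
	r := ((major*100000+minor)*100000 + patch) * 2 // assumes components < 100000
	if !strings.Contains(v, "-") {
		r++
	}
	return r, err
}

// Outdated returns "module@version" for each tracked module pinned below its wanted version.
// An entry that is not a version (e.g. a replace to a local path) is an error, for manual review.
func Outdated(gomod string) ([]string, error) {
	var out []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || wanted[f[0]] == "" {
			continue
		}
		have, err := rank(f[1])
		if err != nil {
			return nil, fmt.Errorf("%s %s: %w", f[0], f[1], err)
		}
		if want, _ := rank(wanted[f[0]]); have < want {
			out = append(out, f[0]+"@"+f[1])
		}
	}
	return out, nil
}

func main() {
	// Constructed go.mod fragment using the "Previous" versions from the table.
	sample := "require (\n\tgithub.com/quic-go/quic-go v0.54.1\n\tgithub.com/quic-go/qpack v0.5.1 // indirect\n)"
	fmt.Println(Outdated(sample))
}
```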

🐳 Docker Image

docker pull cr.rda.run/txlog/server:v1.18.5

Full Changelog: v1.18.4...v1.18.5
