fix(dtls): upgrade pion/dtls v2.2.6 to v3.1.1 fixing CVE-2026-26014
Upgrade github.com/pion/dtls from v2.2.6 to v3.1.1 to fix nonce reuse vulnerability in AES-GCM ciphers (GHSA-9f3f-wv7r-qc8r). Migrate from deprecated Config-struct API to ListenWithOptions/ClientWithOptions options-based API. v2 Config fields mapped to v3 functional options: - Certificates, InsecureSkipVerify, ExtendedMasterSecret, ServerName, RootCAs, ClientCAs, ClientAuth, FlightInterval, MTU ConnectContextMaker removed — no longer exists in v3; explicit HandshakeContext(ctx) on *Conn is the replacement for timeout control.
This commit is contained in:
@@ -23,7 +23,7 @@ require (
|
||||
github.com/miekg/dns v1.1.61
|
||||
github.com/mitchellh/go-homedir v1.1.0
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||
github.com/pion/dtls/v2 v2.2.6
|
||||
github.com/pion/dtls/v3 v3.1.1
|
||||
github.com/pires/go-proxyproto v0.8.1
|
||||
github.com/prometheus/client_golang v1.19.1
|
||||
github.com/quic-go/quic-go v0.59.0
|
||||
@@ -94,9 +94,8 @@ require (
|
||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||
github.com/onsi/gomega v1.34.2 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
|
||||
github.com/pion/logging v0.2.2 // indirect
|
||||
github.com/pion/transport/v2 v2.0.2 // indirect
|
||||
github.com/pion/udp/v2 v2.0.1 // indirect
|
||||
github.com/pion/logging v0.2.4 // indirect
|
||||
github.com/pion/transport/v4 v4.0.1 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
||||
github.com/prometheus/client_model v0.6.0 // indirect
|
||||
|
||||
Reference in New Issue
Block a user