Quoting Toralf Förster (2022-10-14 18:08:38)
On 10/14/22 11:28, meskio wrote:
The latest version of obfs4proxy (0.0.14) comes with an important security fix.
Is there a Changelog available ?
The upstream changelog is here: https://gitlab.com/yawning/obfs4/-/blob/master/ChangeLog But I understand is not easy to understand what the problem is from that changelog.
I was pointed out today that "important security fix" might be confusing. To be clear this is 'obfuscation' security fix, this means before 0.0.14 it was possible for an observer on the network to distinguish obfs4 traffic. So is a security problem from the obfs4 user perspective.
But is not any risk for bridge operators. An attacker can *not* exploit this issue to do any harm to the operator.