Changelog
[2.0.0] - 2026-07-09
Security Fixes (Enterprise Grade)
- Fixed: Timing attacks in SPA validation (eBPF and Go). Implemented constant-time comparison algorithms.
- Fixed: Invalid Checksums on Honeypot Redirects. eBPF now incrementally updates RFC1071 TCP checksums.
- Fixed: Replay Attacks on UDP SPA. Implemented SPA Version 2 with mandatory IP Binding and a 5-minute Replay Cache.
Added
--client-ipflag tospa-clientfor explicit IP binding.- Thread-safe Replay Cache (
sync.Map&sync.Mutex) in the Verifier.
[1.0.0] - Initial Release
- Basic eBPF Port Cloaking (XDP).
- UDP Single Packet Authorization (SPA Version 1).
- SPIFFE mTLS Reverse Proxy.
