| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| README.md | 2026-05-04 | 988 Bytes | |
| v0.16.1 source code.tar.gz | 2026-05-04 | 6.2 MB | |
| v0.16.1 source code.zip | 2026-05-04 | 6.3 MB | |
| Totals: 3 Items | | 12.5 MB | 1 |
Security
Fixes missing DTLS peer fingerprint validation when ExDTLS returns :handshake_finished with no outgoing packets (the DTLS client / active role, used when answering a remote offer with a=setup:actpass).
The peer's certificate fingerprint was not checked against the fingerprint advertised in the SDP. On its own, this does not allow an attacker to intercept media in standard deployments -- the remote peer's fingerprint check still applies. However, it removes one half of WebRTC's mutual authentication and could enable a full MITM if combined with insecure signaling (non-TLS), a compromised signaling server, or a peer with a similar validation gap.
All users on 0.15.0 / 0.16.0 and below should upgrade.
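
The check described above, sketched as an added example (not ExWebRTC or ExDTLS code): the peer certificate's hash is compared with the SDP `a=fingerprint` value on every handshake-completion path, including the one that carries no outgoing packets. The module name, function names, and tuple shapes are assumptions modeled on the description in these notes, and only `sha-256` fingerprints are handled.

```elixir
defmodule FingerprintCheckExample do
  # Added example, not ExWebRTC or ExDTLS code; tuple shapes and names are assumptions.

  # Pull the SHA-256 fingerprint bytes out of the SDP's a=fingerprint attribute.
  def sdp_fingerprint(sdp) do
    case Regex.run(~r/^a=fingerprint:sha-256 ([0-9A-Fa-f:]+)\s*$/m, sdp) do
      [_, hex] -> Base.decode16(String.replace(hex, ":", ""), case: :mixed)
      nil -> :error
    end
  end

  # Hash the DER certificate the peer presented and compare it with the SDP value.
  # A missing or malformed fingerprint is treated the same as a mismatch.
  def verify_peer(peer_cert_der, sdp) do
    with {:ok, expected} <- sdp_fingerprint(sdp),
         ^expected <- :crypto.hash(:sha256, peer_cert_der) do
      :ok
    else
      _ -> {:error, :peer_fingerprint_mismatch}
    end
  end

  # Both completion shapes (with and without outgoing packets) reach verify_peer/2,
  # so keying material is never released for an unverified peer.
  def on_handshake_result({:handshake_finished, keys, packets}, cert, sdp),
    do: finish(keys, packets, cert, sdp)

  def on_handshake_result({:handshake_finished, keys}, cert, sdp),
    do: finish(keys, [], cert, sdp)

  defp finish(keys, packets, cert, sdp) do
    with :ok <- verify_peer(cert, sdp), do: {:ok, keys, packets}
  end

  # Constructed input: stand-in certificate bytes and an SDP carrying their hash.
  def demo do
    cert = "constructed-der-bytes"

    fp =
      :crypto.hash(:sha256, cert)
      |> :binary.bin_to_list()
      |> Enum.map_join(":", &Base.encode16(<<&1>>))

    sdp = "v=0\r\na=setup:actpass\r\na=fingerprint:sha-256 #{fp}\r\n"

    {on_handshake_result({:handshake_finished, :keys}, cert, sdp),
     on_handshake_result({:handshake_finished, :keys, []}, "other-cert", sdp)}
  end
end
```

`FingerprintCheckExample.demo()` exercises the no-packets shape with a matching certificate and the packets shape with a non-matching one.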
Details: advisory link
Thanks to @songxpu for reporting the vulnerability.
Full Changelog: https://github.com/elixir-webrtc/ex_webrtc/compare/v0.16.0...v0.16.1