Disclosure policy question #4
Description
I'm currently in the process of refactoring almost uhm from scratch the xray-core as I'm using it in as reverse proxy for projects and in my daily life, recent release exposed race condition and I started to investigate...
Reason why I write this, I found many potential issues that could lead to traffic detection and I'd like to disclose them and figure out how to handle it, should they be disclosed or quietly updated in new releases, etc. as most clients are stuck with older versions of xray and explicit fixes could lead to direct implementation of these discovery vectors.
Regarding my refactoring, I'm covering the code with sophisticated tests, stress-tests, multiple connection tests and so on.
I believe I eliminated almost all race condition bugs in layers, implementing health management for components and dependency chain sync across all components requiring it, so all components now almost completely safe.
I rewrote buffer to gvisor with massive performance improvement, ~90% or more memory reduction and 0 GC pressure.
OMW to refactor transports, these have huge optimization opportunities and many bugs. So then mux and proxies with connections.
I'll update it to my fork when i'll be happy and clean up repo a bit.
Thank you for such cool project!