Coturn 4.13.0
What's in this release
More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports, give multiplexing a try: it has the capacity to dramatically increase performance.
Security fixes
Null-terminate server_name in stun_is_challenge_response_str
Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
Auto-deny coturn's own database backend endpoints as relay peers
Deny link-local / ULA / site-local relay peers by default
What's Changed
Wrap atomic everywhere
Fix sendmmsg stride bug in multiplex-peer UDP batch flush
Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
Enable --udp-recvmmsg by default on Linux
Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap