H2O version 2.2.0-beta2

This is a beta release of version 2.2, with following new features and improvements.

• [access-log] add support for JSON-style escapes and null #1208 (Kazuho Oku)
• [access-log] add specifier for logging per-request environment variables #1221 (Yannick Koechlin)
• [http1] stop reading from socket after sending 400 to avoid the risk of assertion failure #1223 (Frederik Deweerdt)
• [proxy] add directive for controlling the via request header #1225 (Frederik Deweerdt)
• [ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 #1214 (Kazuho Oku)
• [ssl] fix build failure with OpenSSL 1.1.0 #1216 (Kazuho Oku)

H2O version 2.2.0-beta1

This is the first beta release of version 2.2, with following new features and improvements.

• [core] add crash-handler.wait-pipe-close parameter #1092 (Frederik Deweerdt)
• [access-log] do not emit request-total-time twice #1017 (Kazuho Oku)
• [fastcgi] fix a bug that closes the FastCGI listener socket during startup #1203 (Frederik Deweerdt)
• [file] add directive for serving gzipped files, decompressing them on-the-fly #1140 (Ichito Nagata)
• [headers] fix buffer overrun during startup #1180 (Frederik Deweerdt)
• [http1][proxy] preserve the cases of characters used in header names #1194 (Frederik Deweerdt)
• [http1][proxy] fix undefined behavior in HTTP/1 parser #1189 (Frederik Deweerdt)
• [http2] recognize x-http2-push-only attribute on link header #1169 (Frederik Deweerdt)
• [http2] add optional timeout for closing connections upon graceful shutdown #1108 (Frederik Deweerdt)
• [http2] do not ack an acked PING frame #1175 (Moto Ishisawa)
• [http2] reject requests exceeding the maximum allowed size more efficiently #1183 (Frederik Deweerdt)
• [mruby] remove dependenty to mkmf #1197 (Yuki Kurihara)
• [proxy] add directives for tweaking headers sent to upstream #1126 (Justin Zhu)
• [proxy] retain case-sensitivity of unix socket paths #1131 (Frederik Deweerdt)
• [ssl] add directive for logging session ID #1164 (Yannick Koechlin)
• [ssl] add support for TLS 1.3 draft-18 #1204 (Kazuho Oku)
• [ssl] stop evicting session entries in memcached when they are removed from internal cache #1185 (Ichito Nagata)
• [libh2o] implement h2o_evloop_destroy #1200 (kazan417)
• [misc] add test code for fuzzing #1174 #1182 #1191 #1192 (Frederik Deweerdt, Jonathan Foote)
• [misc] fix issues reported by Coverity #1168 #1172 #1179 (Harrison Bowden, Frederik Deweerdt)

H2O version 2.1.0

This is the first release for 2.1 series, with the following new features and bug fixes from 2.0.6.

• [core] TCP latency optimization #873 #1076 (Kazuho Oku)
• [core] provide tag to include other YAML files from the configuration file #1022 (Ichito Nagata)
• [core] accept sequence of mappings for path-level configuration #1042 (Ichito Nagata)
• [core] fix broken support for TCP Fast Open in OS X #1065 (Ichito Nagata)
• [access-log] provide directive to emit request-level errors #1075 (Kazuho Oku)
• [access-log] emit values of all set-cookie headers concatenated #1161 (Kazuho Oku)
• [fastcgi] fix connection failure when fastcgi.spawn is used with an uid #1119 (Kazuho Oku)
• [file] more pre-defined MIME types #1103 (Joe Duarte)
• [http2][proxy] recognize link rel=preload headers in interim response as a trigger to push resources #916 (Kazuho Oku)
• [http1][http2] validate characters used in the headers #974 #1044 (Frederik Deweerdt, Kazuho Oku)
• [http1][http2] notify error downstream when an error occurred while generating a response #1031 (Frederik Deweerdt)
• [http1][http2] fix resource leak upon upgrade failure to HTTP/2 #1161 (Frederik Deweerdt)
• [http2] add http2-push-preload directive to turn off H2 push being initiated by link rel=preload header #929 (Kazuho Oku)
• [http2] add support for cache-digest header #967 #988 (Kazuho Oku)
• [http2] drop host header in HTTP/2 layer #973 #998 (Frederik Deweerdt, Kazuho Oku)
• [http2] don't use etag for calculating casper cookie #986 (Kazuho Oku)
• [http2] add support for H2 debug state #1019 (Ichito Nagata)
• [mruby] add dos_detector mruby handler #1013 (Ichito Nagata)
• [mruby] add DSL for access control lists (acl) #1016 (Ichito Nagata)
• [mruby] share mruby state and constants between handlers #1032 (Ichito Nagata)
• [mruby] add library for address-block-based access control #1038 (Ichito Nagata)
• [proxy] add an option to connect to upstream using PROXY protocol #930 (Kazuho Oku)
• [proxy] don't escape : in URI path #977 (Frederik Deweerdt)
• [proxy] preserve received URLs as much as possible #985 #1071 (Frederik Deweerdt)
• [proxy] add an option to prevent emiting x-forwarded-* headers #999 (Frederik Deweerdt)
• [proxy] cache TLS session used for upstream connections #1053 (Ichito Nagata)
• [proxy] turn on/off on-the-fly compression based on the x-compress-hint header #1085 (Frederik Deweerdt)
• [ssl] set add_lock callback to prevent unnecessary lock-add-unlock #983 (Roberto Guimaraes)
• [ssl] add support for OpenSSL 1.1.0 #1064 (Kazuho Oku)
• [status] collect and report HTTP statistics #893 (Frederik Deweerdt)
• [status] report additional stats when jemalloc is used #1017 (Frederik Deweerdt)
• [throttle] add new handler for throttling the response bandwidth #917 (Justin Zhu)
• [libh2o] provide h2o_rand that calls the appropriate random function depending on the OS #927 (David CARLIER)
• [libh2o] do not require use of picohttpparser.h when using the HTTP/1 client #946 (Kazuho Oku)
• [libh2o] install library files to the correct location #1116 (Frederik Deweerdt)
• [misc] provide crash-handler directive to customize crash logging #935 (Frederik Deweerdt)
• [misc] guess the default location of h2o.conf #969 (Davsid Carlier)
• [misc] allow to disable libuv even when it is found #995 (Frederik Deweerdt)
• [misc] add font/woff2 to the default mime-type mapping #1066 (Andy Davies)
• [misc] mark JavaScript and JSON files as compressible by default #1067 (Kazuho Oku)

H2O version 2.0.6

This is a bug-fix release for 2.0 series, with the following changes:

• [compress] fix the compression quality being ignored #1154 (Yannick Koechlin)
• [mruby] stop GIT access during build #1149 (parly)

H2O version 2.1.0-beta4

This is a beta release for 2.1 series, including following new features, bug fixes, and a security fix. Users of 2.1.0-beta series are encouraged to update to the latest version.

• [security fix] fix use-after-free vulnerability CVE-2016-7835 #1144 (Frederik Deweerdt, Kazuho Oku)
• [core] fix busy loop after receiving SIGTERM (linux) #1100 (Kazuho Oku, Frederik Deweerdt)
• [core] don't try to register kevent changes more than once (*BSD, OS X) #1113 (Ichito Nagata)
• [compress] set vary: accept-encoding upon negotiation failure of the compression method #1083 (Frederik Deweerdt)
• [fastcgi] fix connection failure when fastcgi.spawn is used with an uid #1119 (Kazuho Oku)
• [file] more pre-defined MIME types #1103 (Joe Duarte)
• [file] add missing </ul> #1106 (Kazuho Oku)
• [http2] fix a bug that left connections open #1090 (Kazuho Oku)
• [http2] ignore PRIORITY frames that reference closed pushed streams #1105 (Frederik Deweerdt)
• [http2] add Secure attribute to the casper cookie #1134 (Kazuho Oku)
• [http2] permit use of HEADERS with a smaller stream ID than a preceding PRIORITY #1136 (Frederik Deweerdt, Kazuho Oku)
• [mruby] update mruby to HEAD #1135 (Kazuho Oku)
• [proxy] set content-length: 0 when receiving a zero-byte POST or PUT #1080 (Frederik Deweerdt)
• [proxy] turn on/off on-the-fly compression based on the x-compress-hint header #1085 (Frederik Deweerdt)
• [ssl] update libressl to 2.4.4 #1127 (Kazuho Oku)
• [ssl] erase OCSP stapling data when the stapling updater returns a permanent failure #1117 (Kazuho Oku)
• [libh2o] install library files to the correct location #1116 (Frederik Deweerdt)

H2O version 2.0.5

This is a bug-fix release for 2.0 series including a security fix. Users of H2O prior to version 2.0.4 are encouraged to update to 2.0.5 immediately.

• [security fix] fix use-after-free vulnerability CVE-2016-7835 #1144 (Frederik Deweerdt, Kazuho Oku)
• [core] fix busy loop after receiving SIGTERM (linux) #1100 (Kazuho Oku, Frederik Deweerdt)
• [core] don't try to register kevent changes more than once (*BSD, OS X) #1113 (Ichito Nagata)
• [compress] set vary: accept-encoding upon negotiation failure of the compression method #1083 (Frederik Deweerdt)
• [file] add missing </ul> #1106 (Kazuho Oku)
• [http2] fix a bug that left connections open #1090 (Kazuho Oku)
• [http2] ignore PRIORITY frames that reference closed pushed streams #1105 (Frederik Deweerdt)
• [http2] add Secure attribute to the casper cookie #1134 (Kazuho Oku)
• [http2] permit use of HEADERS with a smaller stream ID than a preceding PRIORITY #1136 (Frederik Deweerdt, Kazuho Oku)
• [mruby] update mruby to HEAD #1135 (Kazuho Oku)
• [proxy] set content-length: 0 when receiving a zero-byte POST or PUT #1080 (Frederik Deweerdt)
• [ssl] update libressl to 2.4.4 #1127 (Kazuho Oku)
• [ssl] erase OCSP stapling data when the stapling updater returns a permanent failure #1117 (Kazuho Oku)

H2O version 2.1.0-beta3

This is a beta release for 2.1 series, including following new features, bug fixes, and a security fix. Users of 2.1.0-beta series are encouraged to update to the latest version.

• [security fix][core] fix DoS attack vector CVE-2016-4864 #1077 (Frederik Deweerdt, Kazuho Oku)
• [core] enable TCP latency optimization by default #873 #1076 (Kazuho Oku)
• [core] fix broken support for TCP Fast Open in OS X #1065 (Ichito Nagata)
• [access-log] provide directive to emit request-level errors #1075 (Kazuho Oku)
• [proxy] cache TLS session used for upstream connections #1053 (Ichito Nagata)
• [proxy] escape NUL when rebuilding an URL #985 (Frederik Deweerdt)
• [misc] add font/woff2 to the default mime-type mapping #1066 (Andy Davies)
• [misc] mark JavaScript and JSON files as compressible by default #1067 (Kazuho Oku)
• [libh2o] fix crash on connect timeout #960 (disigma)

H2O version 2.0.4

This is a bug-fix release for 2.0 series, including a bug fix and a security fix. Users of H2O prior to version 2.0.3 are encouraged to update to 2.0.4 immediately.

• [security fix][core] fix DoS attack vector CVE-2016-4864 #1077 (Frederik Deweerdt, Kazuho Oku)
• [libh2o] fix crash on connect timeout #960 (disigma)

H2O version 2.1.0-beta2

This is a beta release for 2.1 series, including following new features and bug fixes.

• [core] accept sequence of mappings for path-level configuration #1042 (Ichito Nagata)
• [core] provide tag to include other YAML files from the configuration file #1022 (Ichito Nagata)
• [fastcgi] setenv should displace HTTP headers #996 (Kazuho Oku)
• [file] don't use readdir_r on Linux, Solaris #1046 #1052 (Frederik Deweerdt, Kazuho Oku)
• [http1][http2] validate characters used in the headers #974 $1044 (Frederik Deweerdt, Kazuho Oku)
• [http1][http2] notify error downstream when an error occurred while generating a response #1031 (Frederik Deweerdt)
• [http2] add support for cache-digest header #967 #988 (Kazuho Oku)
• [http2] add support for H2 debug state #1019 (Ichito Nagata)
• [http2] fix buffer overrun #972 (Frederik Deweerdt)
• [http2] drop host header in HTTP/2 layer #973 #998 (Frederik Deweerdt, Kazuho Oku)
• [http2] fix assertion failure: sock->super._cb.write != ((void *)0)' failed #873 #966 #976 (Kazuho Oku)
• [http2] don't use etag for calculating casper cookie #986 (Kazuho Oku)
• [http2] fix negative error code sent when cancelling a pushed stream #1039 (Frederik Deweerdt)
• [http2] fix a bug that may cause a stream to stall #1040 (Frederik Deweerdt)
• [http2] fix a bug that reset the stream when receiving HEADERS after PRIORITY #1043 (Frederik Deweerdt)
• [mruby] add dos_detector mruby handler #1013 (Ichito Nagata)
• [mruby] add DSL for access control lists (acl) #1016 (Ichito Nagata)
• [mruby] add library for address-block-based access control #1038 (Ichito Nagata)
• [mruby] share mruby state and constants between handlers #1032 (Ichito Nagata)
• [mruby] fix mruby handler becoming unusable after failed connection in http_request on FreeBSD #1062 (Kazuho Oku)
• [proxy] add an option to prevent emiting x-forwarded-* headers #999 (Frederik Deweerdt)
• [proxy] add an option to connect to upstream using PROXY protocol #930 (Kazuho Oku)
• [proxy] don't escape : in URI path #977 (Frederik Deweerdt)
• [proxy] preserve received URLs as much as possible #985 (Frederik Deweerdt)
• [ssl] set add_lock callback to prevent unnecessary lock-add-unlock #983 (Roberto Guimaraes)
• [ssl] add support for OpenSSL 1.1.0 #1064 (Kazuho Oku)
• [status] report additional stats when jemalloc is used #1017 (Frederik Deweerdt)
• [misc] guess the default location of h2o.conf #969 (Davsid Carlier)
• [misc] fix build error when libuv is not found #1008 (nextgenthemes)
• [misc] fix assertion failure when YAML alias and merge is used in certain way #1011 (Kazuho Oku)
• [misc] allow to disable libuv even when it is found #995 (Frederik Deweerdt)

H2O version 2.0.3

This is a bug-fix release of 2.0 series, fixing following issues found in 2.0.2.

• [file] don't use readdir_r on Linux, Solaris #1046 #1052 (Frederik Deweerdt, Kazuho Oku)
• [http2] fix negative error code sent when cancelling a pushed stream #1039 (Frederik Deweerdt)
• [http2] fix a bug that may cause a stream to stall #1040 (Frederik Deweerdt)
• [http2] fix a bug that reset the stream when receiving HEADERS after PRIORITY #1043 (Frederik Deweerdt)
• [mruby] fix mruby handler becoming unusable after failed connection in http_request on FreeBSD #1062 (Kazuho Oku)