Releases: h2o/h2o
H2O version 2.2.0-beta2
This is a beta release of version 2.2, with following new features and improvements.
- [access-log] add support for JSON-style escapes and null #1208 (Kazuho Oku)
- [access-log] add specifier for logging per-request environment variables #1221 (Yannick Koechlin)
- [http1] stop reading from socket after sending 400 to avoid the risk of assertion failure #1223 (Frederik Deweerdt)
- [proxy] add directive for controlling the
via
request header #1225 (Frederik Deweerdt) - [ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 #1214 (Kazuho Oku)
- [ssl] fix build failure with OpenSSL 1.1.0 #1216 (Kazuho Oku)
H2O version 2.2.0-beta1
This is the first beta release of version 2.2, with following new features and improvements.
- [core] add
crash-handler.wait-pipe-close
parameter #1092 (Frederik Deweerdt) - [access-log] do not emit request-total-time twice #1017 (Kazuho Oku)
- [fastcgi] fix a bug that closes the FastCGI listener socket during startup #1203 (Frederik Deweerdt)
- [file] add directive for serving gzipped files, decompressing them on-the-fly #1140 (Ichito Nagata)
- [headers] fix buffer overrun during startup #1180 (Frederik Deweerdt)
- [http1][proxy] preserve the cases of characters used in header names #1194 (Frederik Deweerdt)
- [http1][proxy] fix undefined behavior in HTTP/1 parser #1189 (Frederik Deweerdt)
- [http2] recognize
x-http2-push-only
attribute onlink
header #1169 (Frederik Deweerdt) - [http2] add optional timeout for closing connections upon graceful shutdown #1108 (Frederik Deweerdt)
- [http2] do not ack an acked PING frame #1175 (Moto Ishisawa)
- [http2] reject requests exceeding the maximum allowed size more efficiently #1183 (Frederik Deweerdt)
- [mruby] remove dependenty to mkmf #1197 (Yuki Kurihara)
- [proxy] add directives for tweaking headers sent to upstream #1126 (Justin Zhu)
- [proxy] retain case-sensitivity of unix socket paths #1131 (Frederik Deweerdt)
- [ssl] add directive for logging session ID #1164 (Yannick Koechlin)
- [ssl] add support for TLS 1.3 draft-18 #1204 (Kazuho Oku)
- [ssl] stop evicting session entries in memcached when they are removed from internal cache #1185 (Ichito Nagata)
- [libh2o] implement
h2o_evloop_destroy
#1200 (kazan417) - [misc] add test code for fuzzing #1174 #1182 #1191 #1192 (Frederik Deweerdt, Jonathan Foote)
- [misc] fix issues reported by Coverity #1168 #1172 #1179 (Harrison Bowden, Frederik Deweerdt)
H2O version 2.1.0
This is the first release for 2.1 series, with the following new features and bug fixes from 2.0.6.
- [core] TCP latency optimization #873 #1076 (Kazuho Oku)
- [core] provide tag to include other YAML files from the configuration file #1022 (Ichito Nagata)
- [core] accept sequence of mappings for path-level configuration #1042 (Ichito Nagata)
- [core] fix broken support for TCP Fast Open in OS X #1065 (Ichito Nagata)
- [access-log] provide directive to emit request-level errors #1075 (Kazuho Oku)
- [access-log] emit values of all
set-cookie
headers concatenated #1161 (Kazuho Oku) - [fastcgi] fix connection failure when
fastcgi.spawn
is used with an uid #1119 (Kazuho Oku) - [file] more pre-defined MIME types #1103 (Joe Duarte)
- [http2][proxy] recognize link rel=preload headers in interim response as a trigger to push resources #916 (Kazuho Oku)
- [http1][http2] validate characters used in the headers #974 #1044 (Frederik Deweerdt, Kazuho Oku)
- [http1][http2] notify error downstream when an error occurred while generating a response #1031 (Frederik Deweerdt)
- [http1][http2] fix resource leak upon upgrade failure to HTTP/2 #1161 (Frederik Deweerdt)
- [http2] add
http2-push-preload
directive to turn off H2 push being initiated by link rel=preload header #929 (Kazuho Oku) - [http2] add support for
cache-digest
header #967 #988 (Kazuho Oku) - [http2] drop
host
header in HTTP/2 layer #973 #998 (Frederik Deweerdt, Kazuho Oku) - [http2] don't use etag for calculating casper cookie #986 (Kazuho Oku)
- [http2] add support for H2 debug state #1019 (Ichito Nagata)
- [mruby] add dos_detector mruby handler #1013 (Ichito Nagata)
- [mruby] add DSL for access control lists (acl) #1016 (Ichito Nagata)
- [mruby] share mruby state and constants between handlers #1032 (Ichito Nagata)
- [mruby] add library for address-block-based access control #1038 (Ichito Nagata)
- [proxy] add an option to connect to upstream using PROXY protocol #930 (Kazuho Oku)
- [proxy] don't escape
:
in URI path #977 (Frederik Deweerdt) - [proxy] preserve received URLs as much as possible #985 #1071 (Frederik Deweerdt)
- [proxy] add an option to prevent emiting x-forwarded-* headers #999 (Frederik Deweerdt)
- [proxy] cache TLS session used for upstream connections #1053 (Ichito Nagata)
- [proxy] turn on/off on-the-fly compression based on the
x-compress-hint
header #1085 (Frederik Deweerdt) - [ssl] set add_lock callback to prevent unnecessary lock-add-unlock #983 (Roberto Guimaraes)
- [ssl] add support for OpenSSL 1.1.0 #1064 (Kazuho Oku)
- [status] collect and report HTTP statistics #893 (Frederik Deweerdt)
- [status] report additional stats when jemalloc is used #1017 (Frederik Deweerdt)
- [throttle] add new handler for throttling the response bandwidth #917 (Justin Zhu)
- [libh2o] provide
h2o_rand
that calls the appropriate random function depending on the OS #927 (David CARLIER) - [libh2o] do not require use of picohttpparser.h when using the HTTP/1 client #946 (Kazuho Oku)
- [libh2o] install library files to the correct location #1116 (Frederik Deweerdt)
- [misc] provide
crash-handler
directive to customize crash logging #935 (Frederik Deweerdt) - [misc] guess the default location of h2o.conf #969 (Davsid Carlier)
- [misc] allow to disable libuv even when it is found #995 (Frederik Deweerdt)
- [misc] add font/woff2 to the default mime-type mapping #1066 (Andy Davies)
- [misc] mark JavaScript and JSON files as compressible by default #1067 (Kazuho Oku)
H2O version 2.0.6
H2O version 2.1.0-beta4
This is a beta release for 2.1 series, including following new features, bug fixes, and a security fix. Users of 2.1.0-beta series are encouraged to update to the latest version.
- [security fix] fix use-after-free vulnerability CVE-2016-7835 #1144 (Frederik Deweerdt, Kazuho Oku)
- [core] fix busy loop after receiving SIGTERM (linux) #1100 (Kazuho Oku, Frederik Deweerdt)
- [core] don't try to register kevent changes more than once (*BSD, OS X) #1113 (Ichito Nagata)
- [compress] set
vary: accept-encoding
upon negotiation failure of the compression method #1083 (Frederik Deweerdt) - [fastcgi] fix connection failure when
fastcgi.spawn
is used with an uid #1119 (Kazuho Oku) - [file] more pre-defined MIME types #1103 (Joe Duarte)
- [file] add missing
</ul>
#1106 (Kazuho Oku) - [http2] fix a bug that left connections open #1090 (Kazuho Oku)
- [http2] ignore PRIORITY frames that reference closed pushed streams #1105 (Frederik Deweerdt)
- [http2] add
Secure
attribute to the casper cookie #1134 (Kazuho Oku) - [http2] permit use of HEADERS with a smaller stream ID than a preceding PRIORITY #1136 (Frederik Deweerdt, Kazuho Oku)
- [mruby] update mruby to HEAD #1135 (Kazuho Oku)
- [proxy] set
content-length: 0
when receiving a zero-byte POST or PUT #1080 (Frederik Deweerdt) - [proxy] turn on/off on-the-fly compression based on the
x-compress-hint
header #1085 (Frederik Deweerdt) - [ssl] update libressl to 2.4.4 #1127 (Kazuho Oku)
- [ssl] erase OCSP stapling data when the stapling updater returns a permanent failure #1117 (Kazuho Oku)
- [libh2o] install library files to the correct location #1116 (Frederik Deweerdt)
H2O version 2.0.5
This is a bug-fix release for 2.0 series including a security fix. Users of H2O prior to version 2.0.4 are encouraged to update to 2.0.5 immediately.
- [security fix] fix use-after-free vulnerability CVE-2016-7835 #1144 (Frederik Deweerdt, Kazuho Oku)
- [core] fix busy loop after receiving SIGTERM (linux) #1100 (Kazuho Oku, Frederik Deweerdt)
- [core] don't try to register kevent changes more than once (*BSD, OS X) #1113 (Ichito Nagata)
- [compress] set
vary: accept-encoding
upon negotiation failure of the compression method #1083 (Frederik Deweerdt) - [file] add missing
</ul>
#1106 (Kazuho Oku) - [http2] fix a bug that left connections open #1090 (Kazuho Oku)
- [http2] ignore PRIORITY frames that reference closed pushed streams #1105 (Frederik Deweerdt)
- [http2] add
Secure
attribute to the casper cookie #1134 (Kazuho Oku) - [http2] permit use of HEADERS with a smaller stream ID than a preceding PRIORITY #1136 (Frederik Deweerdt, Kazuho Oku)
- [mruby] update mruby to HEAD #1135 (Kazuho Oku)
- [proxy] set
content-length: 0
when receiving a zero-byte POST or PUT #1080 (Frederik Deweerdt) - [ssl] update libressl to 2.4.4 #1127 (Kazuho Oku)
- [ssl] erase OCSP stapling data when the stapling updater returns a permanent failure #1117 (Kazuho Oku)
H2O version 2.1.0-beta3
This is a beta release for 2.1 series, including following new features, bug fixes, and a security fix. Users of 2.1.0-beta series are encouraged to update to the latest version.
- [security fix][core] fix DoS attack vector CVE-2016-4864 #1077 (Frederik Deweerdt, Kazuho Oku)
- [core] enable TCP latency optimization by default #873 #1076 (Kazuho Oku)
- [core] fix broken support for TCP Fast Open in OS X #1065 (Ichito Nagata)
- [access-log] provide directive to emit request-level errors #1075 (Kazuho Oku)
- [proxy] cache TLS session used for upstream connections #1053 (Ichito Nagata)
- [proxy] escape NUL when rebuilding an URL #985 (Frederik Deweerdt)
- [misc] add font/woff2 to the default mime-type mapping #1066 (Andy Davies)
- [misc] mark JavaScript and JSON files as compressible by default #1067 (Kazuho Oku)
- [libh2o] fix crash on connect timeout #960 (disigma)
H2O version 2.0.4
This is a bug-fix release for 2.0 series, including a bug fix and a security fix. Users of H2O prior to version 2.0.3 are encouraged to update to 2.0.4 immediately.
- [security fix][core] fix DoS attack vector CVE-2016-4864 #1077 (Frederik Deweerdt, Kazuho Oku)
- [libh2o] fix crash on connect timeout #960 (disigma)
H2O version 2.1.0-beta2
This is a beta release for 2.1 series, including following new features and bug fixes.
- [core] accept sequence of mappings for path-level configuration #1042 (Ichito Nagata)
- [core] provide tag to include other YAML files from the configuration file #1022 (Ichito Nagata)
- [fastcgi] setenv should displace HTTP headers #996 (Kazuho Oku)
- [file] don't use
readdir_r
on Linux, Solaris #1046 #1052 (Frederik Deweerdt, Kazuho Oku) - [http1][http2] validate characters used in the headers #974 $1044 (Frederik Deweerdt, Kazuho Oku)
- [http1][http2] notify error downstream when an error occurred while generating a response #1031 (Frederik Deweerdt)
- [http2] add support for
cache-digest
header #967 #988 (Kazuho Oku) - [http2] add support for H2 debug state #1019 (Ichito Nagata)
- [http2] fix buffer overrun #972 (Frederik Deweerdt)
- [http2] drop
host
header in HTTP/2 layer #973 #998 (Frederik Deweerdt, Kazuho Oku) - [http2] fix assertion failure:
sock->super._cb.write != ((void *)0)' failed
#873 #966 #976 (Kazuho Oku) - [http2] don't use etag for calculating casper cookie #986 (Kazuho Oku)
- [http2] fix negative error code sent when cancelling a pushed stream #1039 (Frederik Deweerdt)
- [http2] fix a bug that may cause a stream to stall #1040 (Frederik Deweerdt)
- [http2] fix a bug that reset the stream when receiving HEADERS after PRIORITY #1043 (Frederik Deweerdt)
- [mruby] add dos_detector mruby handler #1013 (Ichito Nagata)
- [mruby] add DSL for access control lists (acl) #1016 (Ichito Nagata)
- [mruby] add library for address-block-based access control #1038 (Ichito Nagata)
- [mruby] share mruby state and constants between handlers #1032 (Ichito Nagata)
- [mruby] fix mruby handler becoming unusable after failed connection in http_request on FreeBSD #1062 (Kazuho Oku)
- [proxy] add an option to prevent emiting x-forwarded-* headers #999 (Frederik Deweerdt)
- [proxy] add an option to connect to upstream using PROXY protocol #930 (Kazuho Oku)
- [proxy] don't escape
:
in URI path #977 (Frederik Deweerdt) - [proxy] preserve received URLs as much as possible #985 (Frederik Deweerdt)
- [ssl] set add_lock callback to prevent unnecessary lock-add-unlock #983 (Roberto Guimaraes)
- [ssl] add support for OpenSSL 1.1.0 #1064 (Kazuho Oku)
- [status] report additional stats when jemalloc is used #1017 (Frederik Deweerdt)
- [misc] guess the default location of h2o.conf #969 (Davsid Carlier)
- [misc] fix build error when libuv is not found #1008 (nextgenthemes)
- [misc] fix assertion failure when YAML alias and merge is used in certain way #1011 (Kazuho Oku)
- [misc] allow to disable libuv even when it is found #995 (Frederik Deweerdt)
H2O version 2.0.3
This is a bug-fix release of 2.0 series, fixing following issues found in 2.0.2.
- [file] don't use
readdir_r
on Linux, Solaris #1046 #1052 (Frederik Deweerdt, Kazuho Oku) - [http2] fix negative error code sent when cancelling a pushed stream #1039 (Frederik Deweerdt)
- [http2] fix a bug that may cause a stream to stall #1040 (Frederik Deweerdt)
- [http2] fix a bug that reset the stream when receiving HEADERS after PRIORITY #1043 (Frederik Deweerdt)
- [mruby] fix mruby handler becoming unusable after failed connection in http_request on FreeBSD #1062 (Kazuho Oku)