H2O version 1.5.0-beta4

This is a beta release for 1.5 series, with new features.

Changes:

• [mruby] provide env['rack.errors'], env['SERVER_SOFTWARE'] #517 #519 (Masayoshi Takahashi, Kazuho Oku)
• [ssl] add support for neverbleed - the OpenSSL / LibreSSL privilege separation engine #520 (Kazuho Oku)

H2O version 1.5.0-beta3

This is a beta release for 1.5 series, including a bug fix.

Changes:

• [http2] fix crash when http2-reprioritize-blocking-assets, file.custom-handler are used together #511 #514 (Kazuho Oku)

H2O version 1.5.0-beta2

This is a beta release for 1.5 series, including bug and security fixes.

Changes:

• [file] fix directory traversal vulnerability (CVE-2015-5638) (Kazuho Oku)
• [mruby] fix build failure when oniguruma is already installed #501 #506 (Kazuho Oku)
• [mruby] update sample mruby app to use rack-based API #498 (Masayoshi Takahashi)

H2O version 1.4.5

This is a bug fix release for 1.4 series, fixing a directory traversal vulnerability (CVE-2015-5638).

Changes:

• [file] fix directory traversal vulnerability (JVN#65602714)

H2O version 1.5.0-beta1

This is a beta release for 1.5.0, introducing new features and bug fixes since 1.4.4.

• [core] introduce is_compressible and priority attributes to MIME map #436 #496 (Kazuho Oku)
• [access-log] fix bug that emitted unnecessary NUL char in certain conditions #462 #463 (Kazuho Oku)
• [fastcgi] support for http2 server-push using link: rel=preload header #446 (Kazuho Oku)
• [file] send etag and vary headers on 304 response #439 (Kazuho Oku)
• [file] sort directory listing #412 #474 (Kazuho Oku)
• [gzip] introduce support for on-the-fly gzip #413 #457 (Justin Zhu)
• [http2] introduce cookie-based implementation of cache-aware server-push #421 #432 (Kazuho Oku)
• [http2] improve HPACK compression ratio of server-push #450 (Kazuho Oku)
• [http2] never push if client requested not to #464 (Kazuho Oku)
• [http2] send content-length if possible #472 (Kazuho Oku)
• [mruby] production-level support with Rack-based interface #467 #475 #489 (Kazuho Oku)
• [reproxy] support delegation using relative URL #468 (Kazuho Oku)
• [reproxy] preserve method if status is 307 or 308 #491 (Kazuho Oku)
• [ssl] improved error handling of openssl ocsp command #449 #454 (Tatsuhiro Tsujikawa)
• [ssl] use libressl on ARM as well #485 (Kazuho Oku)

H2O version 1.4.4

This is a bug fix release, fixing the following issues in 1.4.3.

• [misc] fix install error of libh2o-evloop in case development files of OpenSSL cannot be found #443 (Kazuho Oku)

H2O version 1.4.3

This is a bug fix release, fixing the following issues in 1.4.2 (and earlier versions).

• [fastcgi] change ownership of domain socket when fastcgi.spawn command is used #443 (Masaki TAGAWA)
• [fastcgi] kill fastcgi processes spawned by fastcgi.spawn command when standalone server receives SIGINT #444 (Kazuho Oku)
• [file] fix file descriptor leak on multi-range request #434 (Justin Zhu)
• [ssl] update libressl to 2.2.2 #440 (Kazuho Oku)
• [misc] fix build error in case development files of OpenSSL cannot be found #433 (Kazuho Oku)

H2O version 1.4.2

This is a bug fix release. It fixes the following issue in version 1.4.1.

• [fastcgi] do not concatenate the headers (ex. Set-Cookie) sent by a FastCGI app #427 (Kazuho Oku)
• [ssl] for guarding session ticket secret use writer-preferred locks on Linux as well #423 (Kazuho Oku)
• [misc] suppress compiler warnings #415 (Syohei YOSHIDA)

H2O version 1.4.1

This is a bug fix release. It fixes the following issue in version 1.4.0.

• [core] respect the value of the user configuration directive (was always switching to nobody) #416 (Kazuho Oku)

H2O version 1.4.0

(note: version 1.4.1 has been released)

This is a major release with improvements and bug fixes.

• [core] add support for the PROXY protocol #386 #389 (Kazuho Oku)
• [core] drop privileges if run as root without user directive #410 (Kazuho Oku)
• [fastcgi] pass HTTPS: on to FastCGI application if the scheme is HTTPS #379 (Kazuho Oku)
• [fastcgi] drop privileges of the fastcgi process spawned by fastcgi.spawn #414 (Kazuho Oku)
• [mruby] introduce experimental mruby handler #378 #387 #399 #402 #404 #408 (Ryosuke Matsumoto)
• [proxy] support application server listening to unix-domain socket #383 (Kazuho Oku)
• [SSL] implement session cache using memcached #391 #395 (Kazuho Oku)
• [SSL] session ticket with automatic rollover, file-based and memcached-based sharing #395 #400 (Kazuho Oku)
• [SSL] fix server crash during startup if more than 4 certificates are used #375 (Kazuho Oku)
• [misc] support for musl (C runtime running on Linux other than glibc) #374 (Bennett Goble)
• [misc] do not spawn processes / create files unless the server is starting #381 (Kazuho Oku)
• [misc] support for OpenIndiana (and other Solaris-based OS) #384 (Kazuho Oku)
• [misc] replace select-based backend with poll #385 (Kazuho Oku)
• [misc] update libyaml to 0.1.6 #379 (Martell Malone)