4.4.0
This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders
does not replace the entire set of headers, but only operates on the headers matching the given array keys, see fa79253.
- Support direct HTTP/2 connections without TLS (#271)
- Security: Remove headers on cross-domain redirects