4.4.0

This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching the given array keys, see fa79253.

• Support direct HTTP/2 connections without TLS (#271)
• Security: Remove headers on cross-domain redirects