Skip to content

hackney 4.0.3

Choose a tag to compare

View all tags
@benoitc benoitc released this 28 May 07:48
· 59 commits to master since this release
4.0.3
0570bfb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

OTP 29 support and HTTP/3 server-certificate verification. Drop-in upgrade from 4.0.2, no API changes.

Security

  • HTTP/3 now verifies the server certificate. quic 1.4.4 authenticates the server by default; hackney passes the request's insecure option and any configured CA (cacerts/cacertfile in ssl_options) through to the QUIC connection, so verification can be disabled or pointed at a custom trust store. Without a configured CA, quic uses its default trust store.

Changed

  • Replace the deprecated catch Expr form with try ... catch so hackney compiles cleanly on OTP 29.

Dependencies

  • Bump quic to 1.4.5 (fixes server-cert chain validation when the server sends an extra cross-sign above the anchored intermediate).
  • Bump h2 to 0.6.1 (OTP 29 deprecated-catch fix).

Full changelog: https://github.com/benoitc/hackney/blob/master/NEWS.md

Assets 2
Loading