Security and fixes
v. 0.7.5 (2020-05-18)
Security: backport the 0.8.x HTTP/1.1 parser and it's security updates to the 0.7.x version branch. This fixes a request smuggling attack vector and Transfer Encoding attack vector that were exposed by Sam Sanoop from the Snyk Security team (snyk.io). The parser was updated to deal with these potential issues.
Fix: (http
) fixes an issue with date calculation by backporting code from the 0.8.x branch.
Fix: (fio
) call less signal handlers during shutdown.
from v. 0.7.4
Fix: (http
) fixes an issue and improves support for chunked
encoded payloads. Credit to Ian Ker-Seymer ( @ianks ) for exposing this, writing tests (for the Ruby wrapper) and opening both the issue boazsegev/iodine#87 and the PR boazsegev/iodine#88.
Fix: (http
) requests will fail when the path contains a dangling ?
(empty query). Credit to @adam12 for exposing this and opening issue boazsegev/iodine#86.