@kazuho kazuho released this Jun 2, 2018 · 431 commits to master since this release

Assets 2

This is the first beta release of version 2.3 series. Changes from version 2.2.5 are as follows.

  • [core] forbid empty path string in configuration #1506 (Ichito Nagata)
  • [core] use eventfd instead of pipe on linux #1533 (Baodong Chen)
  • [core] remove redundancy #1568 #1569 #1584 #1596 (Baodong Chen)
  • [core] !env for respecting environment variables from the configuration file #1524 (Yannick Koechlin)
  • [core] avoid copying vector when calling writev #1600 (Kazuho Oku)
  • [core] alignment-aware allocation from memory pool #1605 (Baodong Chen)
  • [core] stash directive for storing arbitrary YAML data #1739 (Ichito Nagata)
  • [access-log] log connections that closed prior to sending a response #1235 (Kazuho Oku)
  • [compress] update brotli to 1.0.2 #1523 (Kazuho Oku)
  • [fastcgi] accept default as a keyword of the extensions attribute #1414 (Ichito Nagata)
  • [fastcgi] add verbose mode to fastcgi-cgi gateway #1466 (Kazuho Oku)
  • [fastcgi][mruby][proxy] do not delay sending the headers until some chunk of body becomes available #1508 (Ichito Nagata)
  • [http1][http2] support for server-timing #1646 #1717 (Ichito Nagata)
  • [http1][http2] forward informational responses #1727 (Ichito Nagata)
  • [http2] support critical attribute in preload link header #1436 (Kazuho Oku, Frederik Deweerdt)
  • [http2] continue to process active streams after sending GOAWAY upon graceful shutdown #1556 (Ichito Nagata)
  • [mime] more predefined types #1398 #1632 #1708 #1723 (Jxck, proyb6, OGINO Masanori)
  • [mime] mark /+json as compressible #1709 (OGINO Masanori)
  • [mruby] Rack middleware support #1217 (Ichito Nagata)
  • [mruby] allow running asynchronous operations unbounded to the Rack request being processed #1173 (Ichito Nagata)
  • [mruby] add channel class and task method for parallel processing #1336 (Ritta Narita)
  • [mruby] implement sleep #1348 (Ichito Nagata)
  • [mruby] implement Digest::SHA256 #1387 (Kazuho Oku)
  • [mruby] add option to specify mrbgem dependencies out of tree #1446 (Satoshi Tagomori)
  • [mruby] on exception, emit filenames and consistent line number of embedded mruby code #1537 (Satoshi Tagomori)
  • [mruby] introduce client-warning header for error notification #1562 (Ichito Nagata)
  • [mruby] allow fiber switch in constructor #1574 (Kazuho Oku)
  • [mruby] fix crash when the rack handler returns a non-number status code #1576 (Kazuho Oku)
  • [mruby] add support for redis #1152 (Ichito Nagata)
  • [mruby] replace iijson with mattn-json #1684 (Yannick Koechlin, Kazuho Oku)
  • [mruby] update mruby and modules #1462 #1685
  • [proxy] load balancing support (round-robin, least-conn) #1277 #1361 (Justin Zhu)
  • [proxy] cap the amount of request body being buffered #1357 (Frederik Deweerdt)
  • [proxy] cap the amount of response body being buffered #1358 (Frederik Deweerdt)
  • [proxy] introduce separate timeouts for connection establishment and first-byte #1402 (Frederik Deweerdt)
  • [proxy] forward the error to the client when upstream closes the connection abruptly #1490 (Ichito Nagata)
  • [proxy] add option to skip supplementation of a Date header #1495 (Frederik Deweerdt)
  • [proxy] do not abort when receiving an invalid transfer-encoding header from upstream #1688 (Ichito Nagata)
  • [reproxy] connection pooling for reproxy #1434 (Ichito Nagata)
  • [ssl] support redis as a data store for session cache / ticket #1087 (Ichito Nagata)
  • [ssl] unbundle libressl #1546 (Kazuho Oku)
  • [ssl] add support for 425 Too Early status code #1344 (Kazuho Oku)
  • [libh2o] enable ECDH in the exmaple server #1602 (Varbin)
  • [libh2o] emit less system calls in websocket #1590 (Baodong Chen)
  • [libh2o] build examples using evloop #1589 (Baodong Chen)
  • [libh2o] add API to release thread-local data #1624 (Baodong Chen)
  • [libh2o] h2o_gettimeofday to obtain current time in microsecond order #1726 (Ichito Nagata)
  • [misc] include process id in crash backtrace #1254 (Kazuho Oku)
  • [misc] backtracing for BSD #1503 (Frederik Deweerdt)
  • [misc] fix build issues for Android #1521 (Joel Winarske)
  • [misc] switch to Docker-based CI #1551 #1580 (Kazuho Oku)

@kazuho kazuho released this Jun 1, 2018 · 1924 commits to master since this release

Assets 2

This is a bug-fix release of the 2.2 series with following changes from 2.2.4, including one vulnerability fix.

  • [security fix][access-log] fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  • [fastcgi] index file name must be part of SCRIPT_NAME #1650 (Ichito Nagata)
  • [http2] do not compress cookies less than 20 bytes long #1389 (Julien Benoist)
  • [http2] stop opening new push streams after receiving GOAWAY #1555 (Ichito Nagata)
  • [http2] fix conformance issues #1579 #1582 #1599 (Kazuho Oku)
  • [mruby] drop the link rel=preload header with a x-http2-push-only attribute #1310 (Frederik Deweerdt)
  • [mruby] allow loading a file that shares the basename with one of the preloaded files #1662 (Ichito Nagata)
  • [proxy] fix I/O error when receiving multiple informational responses #1716 (Frederik Deweerdt)
  • [ssl] fix bug that prevents record size growing to maximum when latency optimization is disabled #1545 (Ichito Nagata)
  • [ssl] fix compatibility issues with libressl 2.7 #1707 (AIZAWA Hina)
  • [ssl] update picotls to support TLS 1.3 draft-26 #1718 (Kazuho Oku)

@kazuho kazuho released this Dec 15, 2017 · 1924 commits to master since this release

Assets 2

This is a bug-fix release of the 2.2 series, including two vulnerability fixes.

  • [security fix][access-log][ssl] fix crash when logging TLS 1.3 properties CVE-2017-10872 #1543 (MITSUNARI Shigeo)
  • [security fix][http2] fix crash when handling malformed HTTP/2 request CVE-2017-10908 #1544 (Kazuho Oku)
  • [access-log][compress] %b should log the amount of data sent after compression #1478 (Ichito Nagata)
  • [fastcgi][misc] respect H2O_PERL environment variable in share/h2o/setuidgid #1518 (Kazuho Oku)
  • [mime] fix Opus mimetype #1522 (Alex)
  • [mruby] fix runtime issue that prevents a closed variable from getting updated #1464 (Tatsushi Demachi)
  • [mruby] keep PATH_INFO undecoded #1480 (Ichito Nagata)
  • [mruby] fix keepalive not being used when the response to http_request is directly returned #1489 (Ichito Nagata)
  • [mruby] fix offset overflow of SCRIPT_INFO and PATH_INFO #1502 (Ichito Nagata)
  • [proxy][ssl] fix pointer corruption when connecting to origin via https (big-endian only) #1475 (Kazuho Oku)
  • [proxy] omit network I/O when handling internal redirect between hosts mapped to different ports #1498 (Ichito Nagata)
  • [ssl] fix crash on s390 (and possibly on other big-endian machines) #1474 (Apollon Oikonomopoulos)
  • [websocket] do not send upgrade header twice #1463 (Yamagishi Kazutoshi)

@kazuho kazuho released this Oct 19, 2017 · 1924 commits to master since this release

Assets 2

This is a bug-fix release of the 2.2 series, including two vulnerability fixes.

  • [security fix][http1] fix crash when receiving request with invalid framing CVE-2017-10868 #1459 (Frederik Deweerdt)
  • [security fix][proxy] fix stack overflow when sending huge request body to upstream CVE-2017-10869 #1460 (Frederik Deweerdt)
  • [core] disable buffering of stdout, stderr #1347 (Yannick Koechlin)
  • [expires] fix incorrect header emitted when units: month or year were used #1406 (Frederik Deweerdt)
  • [fastcgi] never return 304 if the file is a dynamic handler #1385 (Kazuho Oku)
  • [mime] flush all existing mapping when file.mime.settypes is used #1416 (Ichito Nagata)
  • [mruby] update mruby and modules #1320 #1338 #1413
  • [mruby] expose SERVER_PROTOCOL #1353 (Frederik Deweerdt)
  • [mruby] properly handle content-less response #1430 (Ichito Nagata)
  • [proxy] do not drop the Date request header #1408 (Ichito Nagata)
  • [ssl] fix deadlock during lazy initialzation #1425 (Apollon Oikonomopoulos)
  • [ssl] fix epoll-related crashes on OSCP updates #1427 (Apollon Oikonomopoulos)
  • [ssl] avoid spurious session ticket renewals #1444 (Apollon Oikonomopoulos)
  • [websocket] fix bug that might drop the first websocket frame #1276 (wuhanck)
  • [libh2o] clear OpenSSL's error queue before using it #1448 (Apollon Oikonomopoulos)
  • [doc] add documentation of duration-stats #1306 (Frederik Deweerdt)
  • [misc] fix build issues on OpenIndiana #1300 (David Carlier)
  • [misc] build on platforms without 64-bit atomics #1433 (Apollon Oikonomopoulos)

@kazuho kazuho released this Apr 23, 2017 · 1924 commits to master since this release

Assets 2

This is a bug-fix release for 2.2 series, fixing the following regression found in 2.2.1.

  • [ssl] fix OCSP stapling error when LibreSSL is used #1275 (Ian Moone)

@kazuho kazuho released this Apr 22, 2017 · 1924 commits to master since this release

Assets 2

This is a bug-fix release for 2.2 series, fixing the following issues found in 2.2.0.

  • [mruby] correct the line number reported on an exception #1239 #1251 (Ichito Nagata)
  • [mruby] retain the order of request headers sharing a single name #1271 (Kazuho Oku)
  • [ssl] fix assertion failure in decode_ssl_input #1264 (Kazuho Oku)
  • [ssl] fix OCSP stapling error when OpenSSL 1.1.0 is used #1270 (Kazuho Oku)
  • [libh2o] fix crash when abruptly closing an HTTP/2 connection on libuv #1250 (Kazuho Oku)
  • [libh2o] fix memory leak of _timestamp_cache #1255 (Kazuho Oku)
  • [doc] restore doc of %{...}e #1252 (Kazuho Oku)
  • [doc] fix typo suggesting using brotli instead of br #1263 (Bogdan Khomutsky)
  • [misc] fix undefined behaviors detected by ubsan #1246 (Frederik Deweerdt)

@kazuho kazuho released this Apr 5, 2017 · 1924 commits to master since this release

Assets 2

This is the first release for 2.2 series, with the following new features and bug fixes from 2.1.0.

  • [core] add crash-handler.wait-pipe-close parameter #1092 (Frederik Deweerdt)
  • [core] introduce an option to bypass the server header sent from upstream #1226 (Frederik Deweerdt)
  • [core] apply global- and host-level configuration to requests not applicable to any of the path-level configurations #1231 (Kazuho Oku)
  • [access-log] add %{remote}p for logging the remote port #1166 (Kazuho Oku)
  • [access-log] add support for JSON-style escapes and null #1208 (Kazuho Oku)
  • [access-log] add specifier for logging per-request environment variables #1221 (Yannick Koechlin)
  • [access-log] add support for <, > modifiers for logging either the original or the final response #1238 (Kazuho Oku)
  • [access-log] do not emit request-total-time twice #1017 (Kazuho Oku)
  • [fastcgi] fix a bug that closes the FastCGI listener socket during startup #1203 (Frederik Deweerdt)
  • [file] add directive for serving gzipped files, decompressing them on-the-fly #1140 (Ichito Nagata)
  • [headers] fix buffer overrun during startup #1180 (Frederik Deweerdt)
  • [http1][proxy] preserve the cases of characters used in header names #1194 (Frederik Deweerdt)
  • [http1][proxy] fix undefined behavior in HTTP/1 parser #1189 (Frederik Deweerdt)
  • [http1] stop reading from socket after sending 400 to avoid the risk of assertion failure #1223 (Frederik Deweerdt)
  • [http2] recognize x-http2-push-only attribute on link header #1169 (Frederik Deweerdt)
  • [http2] add optional timeout for closing connections upon graceful shutdown #1108 (Frederik Deweerdt)
  • [http2] do not ack an acked PING frame #1175 (Moto Ishisawa)
  • [http2] reject requests exceeding the maximum allowed size more efficiently #1183 (Frederik Deweerdt)
  • [mruby] remove dependenty to mkmf #1197 (Yuki Kurihara)
  • [mruby] correct the line number reported on an exception #1239 (Ichito Nagata)
  • [proxy] add directives for tweaking headers sent to upstream #1126 (Justin Zhu)
  • [proxy] retain case-sensitivity of unix socket paths #1131 (Frederik Deweerdt)
  • [proxy] add directive for controlling the via request header #1225 (Frederik Deweerdt)
  • [ssl] add directive for logging session ID #1164 (Yannick Koechlin)
  • [ssl] add support for TLS 1.3 draft-18 #1204 (Kazuho Oku)
  • [ssl] stop evicting session entries in memcached when they are removed from internal cache #1185 (Ichito Nagata)
  • [ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 #1214 (Kazuho Oku)
  • [ssl] fix build failure with OpenSSL 1.1.0 #1216 (Kazuho Oku)
  • [ssl] add doc for handshake-timeout #1233 (Kazuho Oku)
  • [status] fix race condition during start-up #1242 (Frederik Deweerdt)
  • [libh2o] implement h2o_evloop_destroy #1200 (kazan417)
  • [misc] add test code for fuzzing #1174 #1182 #1191 #1192 (Frederik Deweerdt, Jonathan Foote)
  • [misc] fix issues reported by Coverity #1168 #1172 #1179 (Harrison Bowden, Frederik Deweerdt)

@kazuho kazuho released this Mar 22, 2017 · 1945 commits to master since this release

Assets 2

This is a beta release of version 2.2, with following new features and improvements.

  • [core] introduce an option to bypass the server header sent from upstream #1226 (Frederik Deweerdt)
  • [core] apply global- and host-level configuration to requests not applicable to any of the path-level configurations #1231 (Kazuho Oku)
  • [access-log] in JSON logging, remove surrounding quotes arround null #1229 (Kazuho Oku)
  • [ssl] add doc for handshake-timeout #1233 (Kazuho Oku)

@kazuho kazuho released this Mar 14, 2017 · 1963 commits to master since this release

Assets 2

This is a beta release of version 2.2, with following new features and improvements.

  • [access-log] add support for JSON-style escapes and null #1208 (Kazuho Oku)
  • [access-log] add specifier for logging per-request environment variables #1221 (Yannick Koechlin)
  • [http1] stop reading from socket after sending 400 to avoid the risk of assertion failure #1223 (Frederik Deweerdt)
  • [proxy] add directive for controlling the via request header #1225 (Frederik Deweerdt)
  • [ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 #1214 (Kazuho Oku)
  • [ssl] fix build failure with OpenSSL 1.1.0 #1216 (Kazuho Oku)

@kazuho kazuho released this Feb 28, 2017 · 2010 commits to master since this release

Assets 2

This is the first beta release of version 2.2, with following new features and improvements.

  • [core] add crash-handler.wait-pipe-close parameter #1092 (Frederik Deweerdt)
  • [access-log] do not emit request-total-time twice #1017 (Kazuho Oku)
  • [fastcgi] fix a bug that closes the FastCGI listener socket during startup #1203 (Frederik Deweerdt)
  • [file] add directive for serving gzipped files, decompressing them on-the-fly #1140 (Ichito Nagata)
  • [headers] fix buffer overrun during startup #1180 (Frederik Deweerdt)
  • [http1][proxy] preserve the cases of characters used in header names #1194 (Frederik Deweerdt)
  • [http1][proxy] fix undefined behavior in HTTP/1 parser #1189 (Frederik Deweerdt)
  • [http2] recognize x-http2-push-only attribute on link header #1169 (Frederik Deweerdt)
  • [http2] add optional timeout for closing connections upon graceful shutdown #1108 (Frederik Deweerdt)
  • [http2] do not ack an acked PING frame #1175 (Moto Ishisawa)
  • [http2] reject requests exceeding the maximum allowed size more efficiently #1183 (Frederik Deweerdt)
  • [mruby] remove dependenty to mkmf #1197 (Yuki Kurihara)
  • [proxy] add directives for tweaking headers sent to upstream #1126 (Justin Zhu)
  • [proxy] retain case-sensitivity of unix socket paths #1131 (Frederik Deweerdt)
  • [ssl] add directive for logging session ID #1164 (Yannick Koechlin)
  • [ssl] add support for TLS 1.3 draft-18 #1204 (Kazuho Oku)
  • [ssl] stop evicting session entries in memcached when they are removed from internal cache #1185 (Ichito Nagata)
  • [libh2o] implement h2o_evloop_destroy #1200 (kazan417)
  • [misc] add test code for fuzzing #1174 #1182 #1191 #1192 (Frederik Deweerdt, Jonathan Foote)
  • [misc] fix issues reported by Coverity #1168 #1172 #1179 (Harrison Bowden, Frederik Deweerdt)