@kazuho kazuho released this Dec 21, 2016 · 2227 commits to master since this release

Assets 2

This is a beta release for 2.1 series, including following new features, bug fixes, and a security fix. Users of 2.1.0-beta series are encouraged to update to the latest version.

  • [security fix] fix use-after-free vulnerability CVE-2016-7835 #1144 (Frederik Deweerdt, Kazuho Oku)
  • [core] fix busy loop after receiving SIGTERM (linux) #1100 (Kazuho Oku, Frederik Deweerdt)
  • [core] don't try to register kevent changes more than once (*BSD, OS X) #1113 (Ichito Nagata)
  • [compress] set vary: accept-encoding upon negotiation failure of the compression method #1083 (Frederik Deweerdt)
  • [fastcgi] fix connection failure when fastcgi.spawn is used with an uid #1119 (Kazuho Oku)
  • [file] more pre-defined MIME types #1103 (Joe Duarte)
  • [file] add missing </ul> #1106 (Kazuho Oku)
  • [http2] fix a bug that left connections open #1090 (Kazuho Oku)
  • [http2] ignore PRIORITY frames that reference closed pushed streams #1105 (Frederik Deweerdt)
  • [http2] add Secure attribute to the casper cookie #1134 (Kazuho Oku)
  • [http2] permit use of HEADERS with a smaller stream ID than a preceding PRIORITY #1136 (Frederik Deweerdt, Kazuho Oku)
  • [mruby] update mruby to HEAD #1135 (Kazuho Oku)
  • [proxy] set content-length: 0 when receiving a zero-byte POST or PUT #1080 (Frederik Deweerdt)
  • [proxy] turn on/off on-the-fly compression based on the x-compress-hint header #1085 (Frederik Deweerdt)
  • [ssl] update libressl to 2.4.4 #1127 (Kazuho Oku)
  • [ssl] erase OCSP stapling data when the stapling updater returns a permanent failure #1117 (Kazuho Oku)
  • [libh2o] install library files to the correct location #1116 (Frederik Deweerdt)