@kazuho kazuho released this Dec 15, 2017 · 1951 commits to master since this release

Assets 2

This is a bug-fix release of the 2.2 series, including two vulnerability fixes.

  • [security fix][access-log][ssl] fix crash when logging TLS 1.3 properties CVE-2017-10872 #1543 (MITSUNARI Shigeo)
  • [security fix][http2] fix crash when handling malformed HTTP/2 request CVE-2017-10908 #1544 (Kazuho Oku)
  • [access-log][compress] %b should log the amount of data sent after compression #1478 (Ichito Nagata)
  • [fastcgi][misc] respect H2O_PERL environment variable in share/h2o/setuidgid #1518 (Kazuho Oku)
  • [mime] fix Opus mimetype #1522 (Alex)
  • [mruby] fix runtime issue that prevents a closed variable from getting updated #1464 (Tatsushi Demachi)
  • [mruby] keep PATH_INFO undecoded #1480 (Ichito Nagata)
  • [mruby] fix keepalive not being used when the response to http_request is directly returned #1489 (Ichito Nagata)
  • [mruby] fix offset overflow of SCRIPT_INFO and PATH_INFO #1502 (Ichito Nagata)
  • [proxy][ssl] fix pointer corruption when connecting to origin via https (big-endian only) #1475 (Kazuho Oku)
  • [proxy] omit network I/O when handling internal redirect between hosts mapped to different ports #1498 (Ichito Nagata)
  • [ssl] fix crash on s390 (and possibly on other big-endian machines) #1474 (Apollon Oikonomopoulos)
  • [websocket] do not send upgrade header twice #1463 (Yamagishi Kazutoshi)