@kazuho kazuho released this Jun 1, 2018 · 2005 commits to master since this release

Assets 2

This is a bug-fix release of the 2.2 series with following changes from 2.2.4, including one vulnerability fix.

  • [security fix][access-log] fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  • [fastcgi] index file name must be part of SCRIPT_NAME #1650 (Ichito Nagata)
  • [http2] do not compress cookies less than 20 bytes long #1389 (Julien Benoist)
  • [http2] stop opening new push streams after receiving GOAWAY #1555 (Ichito Nagata)
  • [http2] fix conformance issues #1579 #1582 #1599 (Kazuho Oku)
  • [mruby] drop the link rel=preload header with a x-http2-push-only attribute #1310 (Frederik Deweerdt)
  • [mruby] allow loading a file that shares the basename with one of the preloaded files #1662 (Ichito Nagata)
  • [proxy] fix I/O error when receiving multiple informational responses #1716 (Frederik Deweerdt)
  • [ssl] fix bug that prevents record size growing to maximum when latency optimization is disabled #1545 (Ichito Nagata)
  • [ssl] fix compatibility issues with libressl 2.7 #1707 (AIZAWA Hina)
  • [ssl] update picotls to support TLS 1.3 draft-26 #1718 (Kazuho Oku)