Skip to content

@kazuho kazuho released this Aug 13, 2019 · 12 commits to master since this release

This is the beta release of the 2.3 series with following changes from 2.3.0-beta1, including one vulnerability fix.

  • [security fix][http2] fix HTTP/2 DoS attack vectors CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 #2090 (Kazuho Oku)
  • [access-log] add support for logging to unix sockets #1746 (Frederik Deweerdt)
  • [access-log][proxy] rename key names of proxy timings #2082 (Ichito Nagata)
  • [file] add if-range header support #1751 (Lingmo Zhu)
  • [compress] extend x-compress-hint to be able to force either gzip or br compression #1808 (Frederik Deweerdt)
  • [compress][brotli] ensure there's a minimal good buffer size #1824 (Frederik Deweerdt)
  • [core] server timing tiny improvements #1818 (Ichito Nagata)
  • [core] flexible timeouts #1840 (Kazuho Oku)
  • [core] stop applying filters multiple times #1891 (Ichito Nagata)
  • [core] remove redundancy in how token index is determined #1903 (Kazuho Oku)
  • [core] use ALPN_ENTRY uniformly. #1987 (Masanori Ogino)
  • [core] allow to specify a list of CPUs to bind H2O to #2017 (Frederik Deweerdt)
  • [doc] fix for ssl_setup function in some libh2o examples #1802 (Byoungwoo Song)
  • [doc] improve documentation about extension property #2047 (Martin Michel)
  • [http1][http2] fix broken trailers issue #1798 (Ichito Nagata)
  • [http1] move chunked encoding code to http1 protocol handler #1819 (Ichito Nagata)
  • [http1] fix broken memory problem on keepalived connection #1823 (Ichito Nagata)
  • [http1] update picohttpparser and reject multiline headers #1933 (Ichito Nagata)
  • [http1] HTTP/1: handle the absolute url form #1941 (Frederik Deweerdt)
  • [http1] streaming request bodies #2007 (Frederik Deweerdt)
  • [http1] optional H1 behavior to forward connection closure #2015 (Toru Maesaka)
  • [http2] ORIGIN frame #1199 (Frederik Deweerdt)
  • [http2] http2client #1549 (Ichito Nagata)
  • [http2] http2-allow-cross-origin-push #1801 (Frederik Deweerdt)
  • [http2] :path pseudo header field cannot be empty #1822 (Ichito Nagata)
  • [http2] expose HPACK primitives #1845 (Kazuho Oku)
  • [http2] http2client #1549 (Ichito Nagata)
  • [http2] nitpicks in the HTTP2 response header parsing #1868 (Kazuho Oku)
  • [http2] forward content-length from upstream #1875 (Ichito Nagata)
  • [http2] don't push a path if a connection is closing. #1902 (Frederik Deweerdt)
  • [http2] don't call h2o_http2_conn_request_write from emit_writereq_of_openref (Frederik Deweerdt)
  • [http2] retain prioritization information for closed streams #1924 (Frederik Deweerdt)
  • [http2] HTTP/2 priorities fixes #1934 (Frederik Deweerdt)
  • [http2] fix failed assertion in update_stream_output_window #1951 (Frederik Deweerdt)
  • [http2] make sure the connection is registered with the stream before calling on_connect #1979 (Frederik Deweerdt)
  • [http2] h2o_http2_conn_unregister_stream assert on shutdown #2000 (Frederik Deweerdt)
  • [mime] update mimemap for .deb, .dll, .exe, .rar, .udeb and .zst. #1985 (Masanori Ogino)
  • [mime] support for USDZ MIME type for iOS 12 Safari #1861 (Kenta Moriuchi)
  • [mime] add MIME types for 3D models (GeoJSON, glTF) (Kenta Moriuchi)
  • [mruby] send early hints from mruby #1767 (Ichito Nagata)
  • [mruby] update mruby to 1.4.1 as well as the mrbgems #1778 (Kazuho Oku)
  • [mruby] use mrb_data_get_ptr to handle irregular cases in ruby layer #1794 (Ichito Nagata)
  • [mruby] prometheus middleware #1892 (Ichito Nagata)
  • [mruby] fix an invalid memory access by an mruby middleware #1945 (Toru Maesaka)
  • [mruby] fix heap-use-after-free bug of http_request #1975 (Ichito Nagata)
  • [mruby] fix invalid read on the stack #2003 (Frederik Deweerdt)
  • [proxy] forward broken chunk encoding to clients when upstream closes before sending anything #2070 (Frederik Deweerdt)
  • [ssl] check more errors returned by libcrypto #1797 (Kazuho Oku)
  • [ssl] more ssl stats #1837 (Ichito Nagata)
  • [ssl] support TLS 1.3 final #1844 (Kazuho Oku)
  • [ssl] send TLS alert on handshake failure when recent versions of OpenSSL is used #1872 (Kazuho Oku)
  • [ssl] use openssl crypto for the key exchange #1870 (Frederik Deweerdt)
  • [ssl] handle KeyUpdate #1882 (Kazuho Oku)
  • [ssl] fix session resumption (client-side) when used with OpenSSL 1.1.1 #2088 (Roberto Guimaraes)
  • [status] avoid redundant registration of status handlers #1815 (Kazuho Oku)
  • [libh2o] fix broken trailers issue #1798 (Ichito Nagata)
  • [libh2o] add header flags #1832 (Ichito Nagata)
  • [libh2o] client protocol abstraction #1855 (Kazuho Oku)
  • [libh2o] add an API to get the underlying socket from an httpclient #1957 (Toru Maesaka)
  • [libh2o] add application/xml to the is_compressible mime types #2016 (Uwe Trenkner)
  • [libh2o] fix issue in 'h2o_perror' about 'strerror_r' #2022 (Baodong Chen)
  • [libh2o] fix prototype for 'h2o_fatal' and replace 'abort(3)' with it #2020 (Baodong Chen)
  • [libh2o] install httpclient as part of h2o #2027 (Kazuho Oku)
  • [libh2o] add an h2o_now_nanosec() func to the Event Loop API #2053 (Toru Maesaka)
  • [libh2o] socket: Add h2o_socket_get_ssl_server_name() #2054 (Remi Gacogne)
  • [libh2o] keep track of mmap failures #2065 (Toru Maesaka)
  • [libh2o] split up the buffer reservation API #2031 (Toru Maesaka)
  • [libh2o] don't store the socket in the socket pool when unnecessary #2073 (Frederik Deweerdt)
  • [libh2o] expose bytes_written from httpclient #2080 (Ichito Nagata)
  • [libh2o] implement H2O_MULTITHREAD_ONCE #2086 (Kazuho Oku)
  • [misc] fix leased socket counting in socketpool #1750 (Lingmo Zhu)
  • [misc] knob to tune disk-based memory allocation threshold #1820 (Ricardo Nabinger Sanchez)
  • [misc] fuzzer target fix for FreeBSD #1862 (David Carlier)
  • [misc] clean up buildchain linuxisms & update FreeBSD URLs #1813 (Dave Cottlehuber)
  • [misc] minor facebook/infer 0.15.0 finds #1885 (Frederik Deweerdt)
  • [misc] httpclient misc changes #1877 (Ichito Nagata)
  • [misc] enables support of ccache #1905 (Lars K.W. Gohlke)
  • [misc] pass travis flag to docker and sudo #1908 (Pierre Dubouilh)
  • [misc] pass proper timeout value to uv_timer_start #1911 (Ichito Nagata)
  • [misc] refine socket pool entry timeout #1923 (Baodong Chen)
  • [misc] fix build error under Android O for boringssl #1960 (Baodong Chen)
  • [misc] fix compiler error under android O #1961 (Baodong Chen)
  • [misc] use predifined function 'h2o_socket_is_reading|writing' #1973 (Baodong Chen)
  • [misc] add 'H2O_ERROR_PRINTF' macro, default is 'fprintf(stderr,...)' #2008 (Baodong Chen)
Assets 2
You can’t perform that action at this time.