Version 1.0.7

1.0.7 (2024-05-08)

Fixed

• Decryption error after receiving long (quic) header that required key derivation.

Version 1.0.6

1.0.6 (2024-05-06)

Changed

• Further improved the reliability of the qpack encoder/decoder.

Version 1.0.5

1.0.5 (2024-05-04)

Fixed

• Qpack encoder / decoder failure due to unfed stream data.

Version 1.0.4

1.0.4 (2024-04-23)

Changed

• Buffer management has been migrated over to Rust in order to improve the overall performance.

Misc

• MacOS universal2 wheels are available

Version 1.0.3

1.0.3 (2024-04-20)

Fixed

• setting assert_hostname to False triggered an error when the peer certificate contained at least one IP in subject alt names.

Version 1.0.2

1.0.2 (2024-04-20)

Fixed

• qpack encoder/decoder blocking state in a rare condition.
• missing (a default) NullHandler for quic and http3 loggers causing a StreamHandler to write into stderr.
• setting assert_hostname to False did not disable hostname verification / match with given certificate.

Changed

• Updated rustls to v0.23.5

Version 1.0.1

1.0.1 (2024-04-19)

Fixed

• PyO3 unsendable classes constraint has been relaxed. qh3 is not thread-safe and you should take appropriate measures in a concurrent environment.

Added

• Exposed CipherSuite and SessionTicket classes in the top-level import.

Misc

• Exposed a x509 helper to make for cryptography dependency removal, solely for Niquests usage.

Version 1.0.0

1.0.0 (2024-04-18)

Removed

• Breaking: Dependency on cryptography along with the indirect dependencies on cffi and pycparser.
• Breaking: H0Connection class that was previously deprecated. Use either urllib3-future or niquests instead.
• Breaking: Draft support for QUIC and H3 protocols.
• Breaking: RSA_PKCS1_SHA1 signature algorithm due to its inherent risk dealing with the unsafe SHA1.
• Breaking: ED448/X448 signature and private key are no longer supported due to its absence in aws-lc-rs.
• Breaking: You may no longer pass certificates (along with private keys) as object that comes from cryptography. You have to encode them into PEM format.

Changed

• ls-qpack binding integration upgraded to v2.5.4 and migrated to Rust.
• cryptographic bindings are rewritten in Rust using the PyO3 SDK, the underlying crypto library is aws-lc-rs 1.6.4
• certificate chain control with dns name matching is delegated to rustls instead of previously half-vendored (py)OpenSSL (X509Store).

Added

• Exposed a public API for qh3 (top-level import).
• SECP384R1 key exchange algorithm as a supported group by default to make for the X448 removal.
• SECP521R1 key exchange algorithm is also supported but not enabled by default per standards (NSA Suite B) recommendations.

Misc

• Noticeable performance improvement and memory safety thanks to the Rust migration. We tried to leverage pure Rust binding whenever we could do it safely.
• Example scripts are adapted for this major version.
• Using maturin as the build backend.
• Published new compatible architectures for pre-built wheels.
• Initial MSRV 1.75+

If you rely on one aspect of enumerated breaking changes, please pin qh3 to
exclude this major (eg. >=0.15,<1) and inform us on how this release affected your program(s).
We will listen.

The semantic versioning will be respected excepted for the hazardous materials.

Version 0.15.1

0.15.1 (2023-03-21)

Fixed

• Improved stream write scheduling. (upstream patch aiortc#475)

Misc

• CI now prepare a complete sdist with required vendors
• aarch64 linux is now served

Version 0.15.0

0.15.0 (2023-02-01)

Changed

• Highly simplified _crypto module based on upstream work aiortc#457
• Bump upper bound cryptography version to 42.x

Fixed

• Mitigate deprecation originating from cryptography about datetime naïve timezone.