Skip to content

0.13.2

Choose a tag to compare

@github-actions github-actions released this 18 Jun 09:58
4b9d918

Important Changes

  • HTTP/1.1 and HTTP/2 now have a 256 MiB default request body cap. Previously HTTP/1.1 and HTTP/2 had no body size limit. Operators handling >256 MiB uploads via HTTP/1.1 or HTTP/2 must explicitly set request_max_body_size to a larger value in the top-level config; set request_max_body_size = 0 or "unlimited" for no limit; human-readable suffixes ("256k", "10m", "1g") are also accepted. The HTTP/3 default is unchanged. The previous experimental.h3.request_max_body_size key continues to work as a deprecated override for the HTTP/3 streaming body-size limit only (pre-flight Content-Length checks still use the top-level key) and emits a deprecation warning on config load/reload; it will be removed in 0.14.0.

Bugfix

  • Fix: enforce a request body size limit on HTTP/1.1 and HTTP/2. Previously rpxy enforced request_max_body_size only on HTTP/3; a client could stream arbitrarily many request body bytes via HTTP/1.1 or HTTP/2 with no proxy-side bound, allowing a denial-of-service via unbounded request bodies. The same limit (default 256 MiB, matching the previous HTTP/3-only default) now applies to all three protocols, configurable via a new top-level request_max_body_size TOML key. Oversize requests with a known Content-Length are rejected up front with 413 Payload Too Large before any upstream contact (HTTP/1.x responses include Connection: close so the unread body bytes are not fed into a recycled connection; HTTP/2 and HTTP/3 close the affected stream in-band); oversize chunked / streamed bodies are detected mid-flight by a per-request body adapter which emits one error! log line of the form "Request body exceeded limit: received N bytes, maximum allowed M" and surfaces to the client as an upstream-forwarder error (typically 502) or a connection drop, with the log line identifying the cause. HTTP/3's pre-existing streaming-overrun behaviour is preserved; HTTP/3 also newly gets the CL-known 413 pre-flight by routing through the unified handler entry. The internal representation moved from usize to Option<usize> (None = unlimited). The top-level request_max_body_size = 0 now maps to unlimited (None); the deprecated experimental.h3.request_max_body_size = 0 remains Some(0) for backward compatibility.
  • Fix: validate obfuscated nodenames in Forwarded for= values per RFC 7239. rpxy now rejects invalid obfnode values instead of storing and re-emitting them into generated Forwarded headers. The same ABNF guard is shared with obfuscated ports, keeping both obfuscated for= components valid-by-construction before the writer serializes them.

Improvement

  • UX: request_max_body_size now accepts human-readable size strings and an explicit unlimited mode. The top-level request_max_body_size TOML key accepts an integer (bytes), a string with a binary suffix ("256k", "10m", "1g"), or 0 / "unlimited" to disable the top-level/default limit. Existing positive integer configs continue to work unchanged (top-level 0 now maps to unlimited in this unreleased cycle). A config-load warning is emitted when the top-level/default limit is disabled. The deprecated experimental.h3.request_max_body_size key remains integer-only for backward compatibility.
  • Nits: clean up in-source TODO comments. Empty or stale markers were removed, Japanese-only notes were translated, and the remaining future-work comments were clarified without changing runtime behavior.
  • Refactor: clear scoped Clippy carry-over warnings in the forwarding-header and hop-header helpers. The cleanup reshapes nested control flow, fixes doc-comment placement, and adds direct Upgrade extraction tests without changing header parsing or proxy behavior.
  • Refactor: remove an unused sticky-cookie duration getter. The stored sticky-cookie duration is still used when generating Set-Cookie metadata, and the current cookie lifetime behavior is unchanged.
  • Refactor: replace the hard-coded sticky-cookie duration with a named constant and add a defensive validation guard. The 300-second default is now STICKY_COOKIE_DURATION_SECS, and StickyCookieConfig::try_new rejects non-positive durations at build time. No behavior change.

What's Changed

  • feat(tls): enable stateless session tickets for non-mTLS apps and disable server-side TLS session caching by @junkurihara in #603
  • perf(headers): remove hop-by-hop headers via pre-built HeaderName constants by @junkurihara in #604
  • perf(logging): skip building the access-log record when no line can be emitted by @junkurihara in #605
  • perf(headers): compute the authoritative request host once per request by @junkurihara in #606
  • perf(headers): assemble forwarding-header output in single buffers by @junkurihara in #607
  • perf(headers): format IPv4 in forwarding headers via itoa instead of core::fmt by @junkurihara in #608
  • perf(headers): skip Cookie header rebuild when there is nothing to merge by @junkurihara in #609
  • perf(headers): precompute the upstream Host header value instead of rebuilding per request by @junkurihara in #610
  • perf(headers): read forwarding headers by borrowing instead of join-then-resplit by @junkurihara in #611
  • refactor(headers): dispatch upstream options by set membership instead of a loop+match by @junkurihara in #612
  • perf(sticky-cookie): precompute cookie name prefix and stop owning every sticky token by @junkurihara in #613
  • refactor(sticky-cookie): parse token via split_once('=') instead of collecting an '=' split by @junkurihara in #614
  • refactor(name_exp): render ServerName via Display instead of TryInto roundtrip by @junkurihara in #615
  • Feat/inspect parse host simplify by @junkurihara in #616
  • fix(message_handler): detect TE: trailers token case-insensitively (RFC 9110) by @junkurihara in #617
  • refactor(hop): take Connection out of HeaderMap upfront in remove_connection_header by @junkurihara in #618
  • fix(forwarding): parse Forwarded for= node-port per RFC 7239 6 (port / obfport) by @junkurihara in #619
  • 0.13.1 by @junkurihara in #620
  • Merge pull request #620 from junkurihara/develop by @junkurihara in #621
  • fix: fix for copilot comments by @junkurihara in #623
  • fix(message_handler): enforce request body size limit on h1/h2 by @junkurihara in #622
  • fix(forwarding): Fix Forwarded obfuscated nodename validation by @junkurihara in #624
  • chore(todo): cleanup todo comments by @junkurihara in #625
  • fix: fix for copilot comments by @junkurihara in #626
  • feat(clippy): carryover-cleanup by @junkurihara in #627
  • chore(refactor): sticy cookie duration has been removed by @junkurihara in #628
  • chore(refactor): fix some internal constants by @junkurihara in #629
  • fix: rework on max_body_size by @junkurihara in #630
  • 0.13.2 by @junkurihara in #631

Full Changelog: 0.13.0...0.13.2