Releases: nghttp2/nghttp2
nghttp2 v1.61.0
What's Changed
- Fixes CVE-2024-28182
- nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
- Checkout with submodules by @jonaski in #2093
- Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
- build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
- Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
- docker: Use copy --link by @tatsuhiro-t in #2099
- Nghttpx header idle timeout by @tatsuhiro-t in #2100
- nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
- Rewrite hexdump by @tatsuhiro-t in #2102
- Switch to distroless/base-nossl by @tatsuhiro-t in #2103
- Bump ngtcp2 by @tatsuhiro-t in #2105
- nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
- build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
- autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
- Automate release process by @tatsuhiro-t in #2109
- autotools: Switch to tar-pax by @tatsuhiro-t in #2110
- nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
- nghttpx: Fix port byte order by @tatsuhiro-t in #2112
- h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
- nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
- nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
- Add actions/stale by @tatsuhiro-t in #2116
- nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
- nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
- No rfc7540 priority fix by @tatsuhiro-t in #2120
- Further reduce Stateless reset emission by @tatsuhiro-t in #2122
- nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
- Nghttpx faster worker lookup by @tatsuhiro-t in #2125
- nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
- bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
- cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
- nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
- nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
- Bump munit by @tatsuhiro-t in #2131
- nghttpx: Fix error message by @tatsuhiro-t in #2133
- nghttpd: Fix read stall by @tatsuhiro-t in #2134
New Contributors
- @jonaski made their first contribution in #2093
- @jimmy-park made their first contribution in #2128
Full Changelog: v1.60.0...v1.61.0
Caution
Do not download from https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.61.0.zip or https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.61.0.tar.gz. They do not work.
nghttp2 v1.60.0
What's Changed
- makerelease.sh: Speed up git submodule by @tatsuhiro-t in #2043
- Speed up git clone by @tatsuhiro-t in #2044
- build(deps): bump actions/cache from 3 to 4 by @dependabot in #2046
- Fixing the build and install trees by @anthonyalayo in #2051
- build(deps): bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #2052
- nghttpx: Set ocsp response to SSL in case of boringssl by @tatsuhiro-t in #2055
- Run with python3 by @tatsuhiro-t in #2054
- src: Certificate Compression with boringssl by @tatsuhiro-t in #2056
- Fix missing newline by @tatsuhiro-t in #2057
- Switch to aws lc by @tatsuhiro-t in #2058
- Libbrotli fixup by @tatsuhiro-t in #2059
- Deprecate RFC 7540 priorities (aka stream dependencies) by @tatsuhiro-t in #2060
- Let dependabot manage go modules by @tatsuhiro-t in #2061
- build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 by @dependabot in #2062
- integration-tests: Omit unused parameters by @tatsuhiro-t in #2065
- Munit by @tatsuhiro-t in #2064
- Introduce nghttp2_ssize API by @tatsuhiro-t in #2066
- Move deprecated warning upfront by @tatsuhiro-t in #2067
- Describe RFC 7540 priorities deprecation plan by @tatsuhiro-t in #2068
- Apps migrate nghttp2 ssize by @tatsuhiro-t in #2069
- src: Remove unused functions by @tatsuhiro-t in #2070
- Reconsider ssize t usage in src by @tatsuhiro-t in #2071
- Use GitHub private vulnerability reporting by @tatsuhiro-t in #2072
- Move security policy to GitHub standard location by @tatsuhiro-t in #2073
- Bump mruby to 3.3.0 by @tatsuhiro-t in #2074
- Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663 by @tatsuhiro-t in #2075
- h2load: Add --sni option by @tatsuhiro-t in #2076
- Bump ngtcp2 dependencies by @tatsuhiro-t in #2077
- mruby: Adopt deprecation of mrbc_ prefix by @tatsuhiro-t in #2078
- neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np by @tatsuhiro-t in #2079
- bpf: Pre-expand aes key by @tatsuhiro-t in #2080
- mruby: Exclude mrdb gem which causes nghttpx to crash by @tatsuhiro-t in #2081
- nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption by @tatsuhiro-t in #2082
- Run apt-get update before install by @tatsuhiro-t in #2083
- src: Deal with the case that send_quantum < max_udp_payload_size by @tatsuhiro-t in #2084
- nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE by @tatsuhiro-t in #2085
- Fix build when AI_NUMERICSERV is undefined by @barracuda156 in #2086
New Contributors
- @barracuda156 made their first contribution in #2086
Full Changelog: v1.59.0...v1.60.0
Important
The APIs that use ssize_t, including structs and callback functions, have been deprecated. New APIs that use nghttp2_ssize are introduced as a replacement. See #2066 for details.
RFC 7540 priorities (aka stream dependencies) APIs have been deprecated. They work just like before, but in a future release after the end of 2024 the functionality will be removed and the deprecated APIs will start behaving differently. See the API documentation for details. RFC 7540 priorities have been deprecated by RFC 9113. Consider migrating to the RFC 9218 extensible prioritization scheme.
The asc files are now signed with rsa4096/5339A2BE82E07DEC. You can find it at keyserver.ubuntu.com.
Caution
Do not download from https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.60.0.zip or https://github.com/nghttp2/nghttp2/archive/refs/tags/v1.60.0.tar.gz. They do not work.
nghttp2 v1.59.0
What's Changed
- Bump clang to 15 by @tatsuhiro-t in #1986
- Bump clang format by @tatsuhiro-t in #1987
- Bump quictls to 3.1.4+quic by @tatsuhiro-t in #1988
- Update ax_cxx_compile_stdcxx.m4 by @tatsuhiro-t in #1989
- nghttpx: Prefer FILE_NAME if defined by @tatsuhiro-t in #1990
- Add API to get and parse RFC 9218 priority by @tatsuhiro-t in #1991
- nghttpx: Propagate stream priority from backend to frontend by @tatsuhiro-t in #1992
- Check whether CLOCK_MONOTONIC is declared by @tatsuhiro-t in #1995
- Bump go packages by @tatsuhiro-t in #2001
- cmake: Remove itprep target by @tatsuhiro-t in #2002
- h2load: Fix IPv6 address in :authority by @tatsuhiro-t in #2000
- Bump ngtcp2 and nghttp3 by @tatsuhiro-t in #2006
- Bump libbpf to v1.3.0 by @tatsuhiro-t in #2007
- Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0 by @tatsuhiro-t in #2008
- cmake: Set minimum quic package versions by @tatsuhiro-t in #2009
- Use #include <windows.h> instead of #include <sysinfoapi.h> by @hrxi in #1997
- build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #2010
- cmake: bring back ENABLE_STATIC_CRT by @bwncp in #2011
- Avoid detecting OpenSSL 3.2 as quictls by @tatsuhiro-t in #2012
- build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #2015
- build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #2014
- src: Support building with aws-lc by @tatsuhiro-t in #2013
- boringssl has SSL_CTX_set1_groups_list by @tatsuhiro-t in #2016
- Drop old OpenSSL support by @tatsuhiro-t in #2017
- Drop old OpenSSL support part 2 by @tatsuhiro-t in #2019
- Remove NPN by @tatsuhiro-t in #2020
- Remove end_to_end.py by @tatsuhiro-t in #2021
- cmake: Require OpenSSL >= 1.1.1 by @tatsuhiro-t in #2022
- nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data by @tatsuhiro-t in #2023
- App fix by @tatsuhiro-t in #2024
- nghttpx: Remove a trailing whitespace by @tatsuhiro-t in #2025
- H2load header ttfb fix by @tatsuhiro-t in #2026
- Not finding packages when ENABLE_LIB_ONLY is set by @anthonyalayo in #2027
- Have less stuff in config.h by @hrxi in #1996
- Update minimum CMake version to 3.5 by @anthonyalayo in #2030
- build(deps): bump github.com/quic-go/quic-go from 0.35.1 to 0.37.7 by @dependabot in #2032
- Fix typo by @tatsuhiro-t in #2033
- Specify DEBIAN_FRONTEND=noninteractive by @tatsuhiro-t in #2034
- Revert "nghttpx: Shutdown h3 stream write if reset by a remote endpoint" by @tatsuhiro-t in #2036
- ci: Add aws-lc builds by @tatsuhiro-t in #2037
- Bump go modules by @tatsuhiro-t in #2038
- Bump neverbleed by @tatsuhiro-t in #2039
- Bump go-nghttp2 and go mod tidy by @tatsuhiro-t in #2040
- Bump ngtcp2 to v1.2.0 by @tatsuhiro-t in #2041
- src: Avoid copies by @tatsuhiro-t in #2042
New Contributors
- @hrxi made their first contribution in #1997
- @bwncp made their first contribution in #2011
- @anthonyalayo made their first contribution in #2027
Full Changelog: v1.58.0...v1.59.0
nghttp2 v1.58.0
What's Changed
- Fix build error when both clock_gettime and GetTickCount64 are available by @tatsuhiro-t in #1963
- nghttpx: Shutdown h3 stream write if reset by a remote endpoint by @tatsuhiro-t in #1964
- Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #1965
- cmake: speed up warning option detection by @vszakats in #1967
- Update doc by @tatsuhiro-t in #1969
- ngtcp2 has merged BBR and BBRv2 under BBR (fixes issue #1955) by @av223119 in #1956
- Bump ngtcp2 by @tatsuhiro-t in #1970
- Integration servertester h3 by @tatsuhiro-t in #1974
- Refactor character comparison by @tatsuhiro-t in #1975
- nghttpx: Stricter transfer-encoding checks by @tatsuhiro-t in #1973
- Configure cygwin by @tatsuhiro-t in #1978
- windows: Fix warnings by @tatsuhiro-t in #1979
- Prefer clock_gettime if CYGWIN defined by @tatsuhiro-t in #1977
- Bump neverbleed by @tatsuhiro-t in #1981
- Bump ngtcp2 by @tatsuhiro-t in #1983
- Bump neverbleed by @tatsuhiro-t in #1985
New Contributors
Full Changelog: v1.57.0...v1.58.0
nghttp2 v1.57.0
What's Changed
- Fixes CVE-2023-44487
- Bump ngtcp2 by @tatsuhiro-t in #1944
- Add dependabot to update actions by @tatsuhiro-t in #1946
- Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950
- Bump actions/setup-go from 3 to 4 by @dependabot in #1948
- Bump actions/checkout from 3 to 4 by @dependabot in #1949
- Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947
- docker: Bump base image to debian 12 by @tatsuhiro-t in #1951
- nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953
- Bump quictls by @tatsuhiro-t in #1945
- Apps fix by @tatsuhiro-t in #1957
- nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958
- Fix clang-format by @tatsuhiro-t in #1959
- Rework session management by @tatsuhiro-t in #1961
New Contributors
- @dependabot made their first contribution in #1948
Full Changelog: v1.56.0...v1.57.0
nghttp2 v1.56.0
What's Changed
- doc: Bump boringssl by @tatsuhiro-t in #1928
- Fix memory leak by @tatsuhiro-t in #1930
- Return void by @tatsuhiro-t in #1931
- nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934
- CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935
- Bump quictls by @tatsuhiro-t in #1937
- Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939
- nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940
- Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941
- Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942
- Update Dockerfile by @tatsuhiro-t in #1943
Full Changelog: v1.55.0...v1.56.0
nghttp2 v1.55.1
What's Changed
- doc: Bump boringssl by @tatsuhiro-t in #1928
- Fix memory leak by @tatsuhiro-t in #1930
Full Changelog: v1.55.0...v1.55.1
nghttp2 v1.55.0
What's Changed
- Fix build error without libev by @tatsuhiro-t in #1915
- Bump go to 1.20 by @tatsuhiro-t in #1916
- Bump go package dependencies by @tatsuhiro-t in #1917
- mruby: Support cross build for autotools by @tatsuhiro-t in #1918
- h2load, nghttpx: Add UDP_GRO support by @tatsuhiro-t in #1920
- Bump ngtcp2 by @tatsuhiro-t in #1923
- nghttpx: Randomize initial QUIC packet number by @tatsuhiro-t in #1925
- Bump llhttp to a0e744f850d8101a51284868ffdf745bcfe4fbcc by @tatsuhiro-t in #1926
- Bump macos to 12 by @tatsuhiro-t in #1927
Full Changelog: v1.54.0...v1.55.0
nghttp2 v1.54.0
What's Changed
- nghttpx: Consistent error handling and use of high-level API by @tatsuhiro-t in #1904
- h2load: Fix http3 upload stall by @tatsuhiro-t in #1905
- h2load: Use std::chrono::steady_clock for quic timestamp by @tatsuhiro-t in #1906
- Avoid ev_now by @tatsuhiro-t in #1907
- Remove unused macro bswap64 by @tatsuhiro-t in #1910
- Bump ngtcp2 and nghttp3 by @tatsuhiro-t in #1911
- Bump libbpf to v1.2.0 by @tatsuhiro-t in #1912
- Avoid copies by @tatsuhiro-t in #1913
Full Changelog: v1.53.0...v1.54.0
nghttp2 v1.53.0
What's Changed
- Bump golang.org/x/net to v0.7.0 by @tatsuhiro-t in #1867
- Cache dependencies to speed up workflow builds by @tatsuhiro-t in #1869
- Bump nghttp3 to v0.9.0 by @tatsuhiro-t in #1870
- nghttpx: Gracefully shutdown HTTP/3 connection by @tatsuhiro-t in #1871
- Bump mruby to 3.2.0 by @tatsuhiro-t in #1872
- Bump go modules by @tatsuhiro-t in #1873
- nghttpx: Fix bug that causes 400 response after upgrade failure by @tatsuhiro-t in #1874
- sphinx-doc understands :enum: by @tatsuhiro-t in #1877
- Set workflow permissions by @tatsuhiro-t in #1879
- Nghttpx tweak worker process handling by @tatsuhiro-t in #1880
- nghttpx: Fix heap-use-after-free by @tatsuhiro-t in #1881
- nghttpx: Fix numeric hostname verification by @tatsuhiro-t in #1885
- Fix compile errors with clang-15 by @tatsuhiro-t in #1886
- Add verify_hostname tests by @tatsuhiro-t in #1887
- Add missing if condition to MacOS setup by @tatsuhiro-t in #1888
- Bump ngtcp2 to v0.14.0 by @tatsuhiro-t in #1891
- nghttpx: write watcher should only be started upon blocking write by @tatsuhiro-t in #1892
- Msvc build check by @tatsuhiro-t in #1896
- Initialize map table lazily by @tatsuhiro-t in #1897
- Import ngtcp2/sfparse, Structured Field Values parser by @tatsuhiro-t in #1898
- Bump ngtcp2 by @tatsuhiro-t in #1899
- nghttpx: Send NEW_TOKEN on path change by @tatsuhiro-t in #1900
- Initialize z_stream completely with zeros by @tatsuhiro-t in #1901
- Bump neverbleed by @tatsuhiro-t in #1902
Full Changelog: v1.52.0...v1.53.0