Skip to content

Commit

Permalink
Prepare v1.7.0 release
Browse files Browse the repository at this point in the history
  • Loading branch information
@clue
clue committed Aug 23, 2022
1 parent 5f3b58c commit 4a1e853
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
26 changes: 25 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,30 @@
# Changelog

## 1.7.0 (2022-08-23)

This is a **SECURITY** and feature release for the 1.x series of ReactPHP's HTTP component.

* Security fix: This release fixes a medium severity security issue in ReactPHP's HTTP server component
that affects all versions between `v0.7.0` and `v1.6.0`. All users are encouraged to upgrade immediately.
Special thanks to Marco Squarcina (TU Wien) for reporting this and working with us to coordinate this release.
(CVE-2022-36032 reported by @lavish and fixed by @clue)

This comment has been minimized.

Sign in to view

Copy link
@kelunik

kelunik Aug 23, 2022

I guess this is 57b259e? Could you shed some more light on this?

This comment has been minimized.

Sign in to view

Copy link
@WyriHaximus

WyriHaximus Aug 23, 2022

Member

More information will be provided when we publicize the CVE.

* Feature: Improve HTTP server performance by ~20%, reuse syscall values for clock time and socket addresses.
(#457 and #467 by @clue)

* Feature: Full PHP 8.2+ compatibility, refactor internal `Transaction` to avoid assigning dynamic properties.
(#459 by @clue and #466 by @WyriHaximus)

* Feature / Fix: Allow explicit `Content-Length` response header on `HEAD` requests.
(#444 by @mrsimonbennett)

* Minor documentation improvements.
(#452 by @clue, #458 by @nhedger, #448 by @jorrit and #446 by @SimonFrings

* Improve test suite, update to use new reactphp/async package instead of clue/reactphp-block,
skip memory tests when lowering memory limit fails and fix legacy HHVM build.
(#464 and #440 by @clue and #450 by @SimonFrings)

## 1.6.0 (2022-02-03)

* Feature: Add factory methods for common HTML/JSON/plaintext/XML response types.
Expand All @@ -10,7 +35,6 @@
$response = React\Http\Response\json(['message' => 'Hello wörld!']);
$response = React\Http\Response\plaintext("Hello wörld!\n");
$response = React\Http\Response\xml("<message>Hello wörld!</message>\n");
$response = React\Http\Response\redirect('https://reactphp.org/');
```

* Feature: Expose all status code constants via `Response` class.
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2924,7 +2924,7 @@ This project follows [SemVer](https://semver.org/).
This will install the latest supported version:

```bash
composer require react/http:^1.6
composer require react/http:^1.7
```

See also the [CHANGELOG](CHANGELOG.md) for details about version upgrades.
Expand Down

0 comments on commit 4a1e853

Please sign in to comment.