v1.7.0
This is a SECURITY and feature release for the 1.x series of ReactPHP's HTTP component.
-
Security fix: This release fixes a medium severity security issue in ReactPHP's HTTP server component
that affects all versions betweenv0.7.0
andv1.6.0
. All users are encouraged to upgrade immediately.
Special thanks to Marco Squarcina (TU Wien) for reporting this and working with us to coordinate this release.
(CVE-2022-36032 reported by @lavish and fixed by @clue) -
Feature: Improve HTTP server performance by ~20%, reuse syscall values for clock time and socket addresses.
(#457 and #467 by @clue) -
Feature: Full PHP 8.2+ compatibility, refactor internal
Transaction
to avoid assigning dynamic properties.
(#459 by @clue and #466 by @WyriHaximus) -
Feature / Fix: Allow explicit
Content-Length
response header onHEAD
requests.
(#444 by @mrsimonbennett) -
Minor documentation improvements.
(#452 by @clue, #458 by @nhedger, #448 by @jorrit and #446 by @SimonFrings) -
Improve test suite, update to use new reactphp/async package instead of clue/reactphp-block,
skip memory tests when lowering memory limit fails and fix legacy HHVM build.
(#464 and #440 by @clue and #450 by @SimonFrings)