Releases: icing/mod_h2
Releases · icing/mod_h2
mod_h2 v2.0.11
- WARNING: the directive "H2HeaderStrictness" from v2.0.4 has been
removed again. Leading/trailing whitespace in header values is now
being stripped both for requests and responses. The checks for this
in nghttp2 v1.50.0+ are now always disabled.
This means that clients that send leading/trailing ws continue to
work, but that whitespace makes no difference in processing a request.
This is the same behaviour as in http/1.1 where the Apache parser does
the stripping as well (since forever).
mod-h2 v2.0.10
- Extensive testing in production done by Alessandro Bianchi (@alexskynet)
on the v2.0.x versions for stability. Many thanks! - refactored stream response handling to reflect the different phases
(response/data/trailers) more clearly and help resolving cpu busy loops. - Adding more negative tests for handling of errored responses to cover
edge cases. - mod_http2: fixed handling of response where neiter an EOS nor an ERROR was
received as a cause to reset the stream. - mod_proxy_http2: generating error buckets for fault response bodies, to
signal failure to fron when response header were already sent.
Contributors
alexskynet
Assets 3
mod-h2 v2.0.9
- Fixed a bug where errors during reponse body handling did not lead to
a proper RST_STREAM. Instead processing went into an infinite loop.
Extended test cases to catch this condition.
mod-h2 v2.0.8
- Delaying input setup of a stream just before processing starts. This allows
any EOS indicator arriving from the client before that to take effect.
Without knowing that a stream has no input, internal processing has to
simulate chunked encoding. This is not wrong, but somewhat more expensive
and mod_security has been reported to be allergic to seeing 'chunked'
on some requests. See https://bz.apache.org/bugzilla/show_bug.cgi?id=66282. - mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
mod-h2 v2.0.7
- fixed idle connection handling for non-async MPMs, like worker.
With mpm_worker, idle conection could go into a busy loop waiting for
new data to arrive.
mod-h2 v2.0.6
- fixed handling of connection
Timeoutsetting to not apply when streams
are still being processed. Adjusted test case expectation. - referring to #234, adding an explicit close after a request has been
processed to prevent missing EOS indicators from leaving a stream open
indefinitely. - fixed a race condition in end-of-input handling for requests (introduced
in the v2.0.x line).
mod_h2 v2.0.5
- Synchronized changes from Apache trunk development. Improvements in pollset
handling and simplification of response data passing to main connection. - Improvements in shutdown scenarios that wake up a potentially sleeping
pollset that might block a clean child exit.
mod_h2 v2.0.4
- new directive
H2HeaderStrictness (highest|rfc7540|rfc9113)to configure
the strictness of HTTP header checks. rfc9113 forbids leading and trailing
whitespace in headers and is supported when building against
nghttp2 v1.50.0 or newer. The default is the backward compatible
behavior, e.g. rfc7540. - Integrated improvements from Apache httpd 2.4.x branch:
- remove unused and insecure code. Fixes PR66037.
- preserve the port number given in a HTTP/1.1
request that was Upgraded to HTTP/2. Fixes PR65881.
mod_h2 v2.0.3
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated. - :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230. - Fix possible beam bucket double free from session destroy. [ylavic]
mod_h2 v1.15.28
- Removing unscheduling of ongonig tasks when connection shows
potential abuse by a client. This proves counter-productive
and the abuse detection can be falsly triggered by request
using server-side-events. Fixes #231. - This change is already part of the current 2.x version release.