This release adds new library APIs to send and receive non-critical HTTP/2 extension frames. It also adds new features to nghttpx and nghttpd, and polishes many rough edges.
Reset (RST_STREAM) stream if flow control window gets overflow
Validate :authroity, host, and :scheme value more strictly
Check request/response submission error based side of session
Strict outgoing idle stream detection
Return error from nghttp2_submit_{headers,request} when self dependency is made
Add -ldl to APPLDFLAGS for static openssl linking
asio: Stop acceptor on server::http2::stop
asio: Rename http2::get_io_services() as http2::io_services()
h2load: Support UNIX domain socket
h2load: Improve readability of traffic numbers
h2load: Remove "auto" for -m option
h2load: Show progress in rate mode
h2load: Perform sampling for request and connection timings to reduce memory consumption
nghttpd: Add --no-content-length option to omit content-length in response
nghttpx: Interleave pushed streams with the associated stream if pushed streams are javascript and CSS resources
nghttpx: The initial value of request/response buffer is increased to 128K
nghttpx: Fix bug that --listener-disable-timeout option is not used
nghttpx: Don't emit :authority if request does not contain authority information
nghttpx: Add clarification of quotes in configuration file
nghttpx: Don't allow certain characters in host and :scheme header field
nghttpx: Add RFC 7239 Forwarded header field support
nghttpx: Fix crash when running on IPv6 only (Patch from Vernon Tang)
nghttpx: Take into account of trailers when applying max_header_fields
nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
nghttpx: Strict validation for header fields given in configuration
nghttpx: header value should not be lower-cased (Patch from ayanamist)
This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible. Other than that we have minor polish up in libnghttp2 code base, and some new features to asio library, and h2load.
This release includes number of fixes for libnghttp2. We briefly explain notable bug fixes here. Previously, libnghttp2 ignored CONTINUATION frames if preceding HEADERS frame contained padding. The appearance of CONTINUATION is rare these days, but padding is used in some services already, and we may see CONTINUATION somewhere too. The second and third bugs are SETTINGS and HPACK dynamic table size related bugs. The second bug is that previously libnghttp2 did not shrink to minimum size of requested dynamic table size contained in SETTINGS frame sent from local endpoint if it contains several SETTINGS_HEADER_TABLE_SIZE. Now it is corrected, and libnghttp2 shrinks to the minimum size. The third bug is that due to the ambiguous text in RFC 7540 and 7541, we interpreted that if receiver received SETTINGS containing SETTINGS_HEADER_TABLE_SIZE, it always has to send dynamic table size update in the next compressed header block. But it turns out that it is not the intention of the specification author. The intended behaviour is the receiver is required to send dynamic table size update only when it really changed maximum dynamic table size. Depending on the SETTINGS_HEADER_TABLE_SIZE and the current maximum dynamic table size, the table size may not change.
* Make traditional init script fail if new config file is broken
* nghttpx-logrotate: Don't use killall since we have multiple processes
* nghttpx: Fix improper signal handling
