Releases: icing/mod_h2
Releases · icing/mod_h2
mod-h2 v2.0.9
- Fixed a bug where errors during reponse body handling did not lead to
a proper RST_STREAM. Instead processing went into an infinite loop.
Extended test cases to catch this condition.
mod-h2 v2.0.8
- Delaying input setup of a stream just before processing starts. This allows
any EOS indicator arriving from the client before that to take effect.
Without knowing that a stream has no input, internal processing has to
simulate chunked encoding. This is not wrong, but somewhat more expensive
and mod_security has been reported to be allergic to seeing 'chunked'
on some requests. See https://bz.apache.org/bugzilla/show_bug.cgi?id=66282. - mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
mod-h2 v2.0.7
- fixed idle connection handling for non-async MPMs, like worker.
With mpm_worker, idle conection could go into a busy loop waiting for
new data to arrive.
mod-h2 v2.0.6
- fixed handling of connection
Timeoutsetting to not apply when streams
are still being processed. Adjusted test case expectation. - referring to #234, adding an explicit close after a request has been
processed to prevent missing EOS indicators from leaving a stream open
indefinitely. - fixed a race condition in end-of-input handling for requests (introduced
in the v2.0.x line).
mod_h2 v2.0.5
- Synchronized changes from Apache trunk development. Improvements in pollset
handling and simplification of response data passing to main connection. - Improvements in shutdown scenarios that wake up a potentially sleeping
pollset that might block a clean child exit.
mod_h2 v2.0.4
- new directive
H2HeaderStrictness (highest|rfc7540|rfc9113)to configure
the strictness of HTTP header checks. rfc9113 forbids leading and trailing
whitespace in headers and is supported when building against
nghttp2 v1.50.0 or newer. The default is the backward compatible
behavior, e.g. rfc7540. - Integrated improvements from Apache httpd 2.4.x branch:
- remove unused and insecure code. Fixes PR66037.
- preserve the port number given in a HTTP/1.1
request that was Upgraded to HTTP/2. Fixes PR65881.
mod_h2 v2.0.3
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated. - :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230. - Fix possible beam bucket double free from session destroy. [ylavic]
mod_h2 v1.15.28
- Removing unscheduling of ongonig tasks when connection shows
potential abuse by a client. This proves counter-productive
and the abuse detection can be falsly triggered by request
using server-side-events. Fixes #231. - This change is already part of the current 2.x version release.
mod_h2 v2.0.2
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request. See PR65731 at
https://bz.apache.org/bugzilla/show_bug.cgi?id=65731.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
mod_h2 v1.15.27
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request. See PR65731 at
https://bz.apache.org/bugzilla/show_bug.cgi?id=65731.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.