We have released nghttp2 v1.19.0.
We fixed memory leak bug which only occurs in server side session. Client side sessions are not affected. This bug was detected by LLVM libFuzzer with HTTP/2 corpus that h2o project uses. Due to the bad code path which nullifies next pointers of linked list in a certain condition, nghttp2_stream object is not going to be freed. We highly encourage to upgrade the existing installation to this latest version.
Alexis La Goutte sent series of patches to fix several issues found by PVS studio.
makovich sent a patch to state that building nghttp2 with jemalloc does not work on Alpine Linux due to its inability of replacing malloc.
Benedikt Christoph Wolters sent a patch to take into account authority
-H option to find links in HTML page (
option). Now authority and scheme are considered to find these links.
accesslog-write-early option has been added. If it is used, access
log is written when response header block is sent, rather than after
request transaction finishes.
client-ciphers option has been added. Previously,
sets cipher list for both frontend and backend TLS connections. Now
ciphers option only sets cipher list for frontend connections. The
client-ciphers option sets cipher list for backend connection.
Similarly, we added
client-no-http2-cipher-black-list option to
disable HTTP/2 cipher black list enforcement on backend connection.
no-http2-cipher-black-list option disables HTTP/2 cipher
black list on frontend connection.
We fix the bug that
no-http2-cipher-black-list (which is now
client-no-http2-cipher-black-list) does not work on backend HTTP/2
We added PSK cipher suite support to nghttpx. Read this article to know how to use PSK cipher suites.
accept-proxy-protocol option was deprecated. To accept PROXY
proxyproto keyword in