We released nghttp2 v1.0.3.
This release fixes the bug that PRIORITY frame including dependency to itself for idle stream resulted in fatal error from nghttp2_session_mem_recv or nghttp2_session_recv in server-side session. Now it is treated gracefully, and GOAWAY of type PROTOCOL_ERROR is issued.
We optimized priority tree handling to Firefox style dependency tree, and it dramatically speeds up the processing. The worst case, linearly linked dependency tree, is also much improved.
Now LibreSSL can be used to build nghttp2 applications. ocsp-fetch-response script also supports LibreSSL too.
We fixed the bug in nghttpx that x-forwarded-proto header field did not reflect the frontend scheme if used with HTTP/2 backend.