We have released nghttp2 v1.67.0.
Do not download the archive files generated by GitHub. They do not work. Please download the signed and versioned tar balls, such as nghttp2-1.67.0.tar.gz.
lib
This release adds nghttp2_rand_callback
, and the internal hash map
is initialized with the seed sampled from this callback.
Some stream errors are now promoted to the connection errors. This means that an event that previously just resets a single stream now closes a connection entirely. The promoted errors are mostly implementation errors.
We have some contradictory specifications around
nghttp2_on_invalid_header
and nghttp2_on_invalid_header2
callbacks. nghttp2_on_invalid_header
says that if it is omitted, a
stream is reset. Meanwhile, nghttp2_on_invalid_header2
says that if
it is omitted, invalid field is silently ignored. In actual
implementation, if both omitted, we treat it as stream error. In
practice, it is often required not to bail out if invalid header is
received. In this change, if both callbacks are omitted, invalid
field is silently ignored as the documentation of
nghttp2_on_invalid_header2
says.
The “glitch” counter has been introduced. Any suspicious activity such as DATA frames to a stream which does not exist are counted to so called “glitch” counter. If it increases more than the configured rate, GOAWAY is sent and the connection is closed.