All Versions
29
Latest Version
Avg Release Cycle
5 days
Latest Release
11 days ago

Changelog History
Page 2

  • v0.42.0 Changes

    April 11, 2026

    What's Changed

    • ✅ test: WebSocketIntegrationTest.SocketSettings: do not set AF_INET by @jirislaby in #2420

    🆕 New Contributors

    Full Changelog : v0.41.0...v0.42.0

  • v0.41.0 Changes

    April 04, 2026
    • Replace httplib::any / std::map<std::string, httplib::any> based res.user_data with a new type-safe UserData class that provides set() / get<T>() API by @yhirose (Fix #2416)
    • ➕ Add parse_url utility function with UrlComponents struct for parsing URLs into scheme, host, port, path, and query components by @yhirose
    • [cmake] Allow using pre-existing zstd::libzstd target if it already exists, useful for projects that bundle their own zstd by @crueter in #2390
    • ➕ Add header parser and URL parser fuzzers for OSS-Fuzz coverage improvement by @DavidKorczynski in #2412

  • v0.40.0 Changes

    March 28, 2026
    • ⚡️ Optimize multipart content provider to coalesce small writes and reduce TCP packet fragmentation by
      @yhirose in #2410
    • Add set_socket_opt function and corresponding test for TCP_NODELAY option by @yhirose in
      #2411
    • Implement request body consumption and reject invalid Content-Length with Transfer-Encoding to prevent
      request smuggling by @yhirose
    • 🛠 Fixed warnings by @yhirose

  • v0.39.0 Changes

    March 24, 2026

    What's Changed

  • v0.38.0 Changes

    March 15, 2026

    🔒 Security Enhancements

    • Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
    • Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

    🆕 New Features

    • 👍 Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)
    • 📜 Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
    • 👍 SSL proxy connection supportSSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
    • 🔧 WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

    👌 Improvements

    • Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)
    • Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)
    • 📚 Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

    🐛 Bug Fixes

    • 🛠 Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

    ✅ Internal / Test Changes

    • ✂ Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)
    • ✅ Enabled BindDualStack test (69d468f)

  • v0.37.2 Changes

    March 13, 2026

    What's Changed

    • 🛠 Fix TLS cert verification bypass on proxy redirect introduced in #2165 by @yhirose in #2396
    • 🔒 Various security fixes

  • v0.37.1 Changes

    March 10, 2026

    What's Changed

  • v0.37.0 Changes

    March 06, 2026
    • 👉 Use doc.yml to generate document site a058e31
    • 🛠 Fix problem with alternate file name check de296af

  • v0.36.0 Changes

    March 03, 2026

    What's Changed

  • v0.35.0 Changes

    February 28, 2026

    What's Changed

    • 🍎 Make loading system certificates from the Keychain on macOS an opt-out feature by @yhirose in #2377