Releases: h3js/h3
Releases · h3js/h3
v2.0.1-rc.14
💅 Refactors
- tracing: Rename tracing channel
.fetchto.request(#1294) - auth: Enhance randomJitter function for cryptographic security (#1295)
❤️ Contributors
- Pooya Parsa (@pi0)
- Sandro Circi (@sandros94)
- Abdelrahman Awad (@logaretm)
v2.0.1-rc.13
v2.0.1-rc.12
🚀 Enhancements
💅 Refactors
- Allow better debugging
headers are frozen(#1287)
📖 Documentation
- Update example to use
event.res.headers.set(#1289)
🏡 Chore
- Migrate to oxlint and oxfmt (#1286)
🤖 CI
- Add pkg.pr.new integration (f6f152a)
❤️ Contributors
- Pooya Parsa (@pi0)
- Kricsleo (@kricsleo)
- Daniel Slepov danil.slepov@gmail.com
v2.0.1-rc.11
v2.0.1-rc.10
v2.0.1-rc.9
v1.15.5
Important
Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.
In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)
🩹 Fixes
- readRawBody: Fix case-sensitive
Transfer-Encodingcheck causing request smuggling risk (618ccf4)
v2.0.1-rc.8
v2.0.1-rc.7
Important
srvx has been updated to v0.10.. Please review the release notes for important information about Node.js compatibility.
🚀 Enhancements
🩹 Fixes
- mockEvent: Make sure
duplexoption is properly set (eb83aad) - handleCacheHeaders: Round
modifiedTimeto seconds (#1262)
📖 Docs
- Fix typo in jsdocs (#1263)
❤️ Contributors
- Minsu Lee (@amondnet)
- Sandro Circi (@sandros94)
- Abdelrahman Awad (@logaretm)
- Pooya Parsa (@pi0)
- Huseeiin (@huseeiin)
v2.0.1-rc.6
🚀 Enhancements
- defineWebSocketHandler: Support callback with
event(#1242)
🩹 Fixes
- proxy: Strip
transfer-encodingheader from proxied response (#1248) - Clear
event.resafter prepare (#1259)
📖 Documentation
❤️ Contributors
- Pooya Parsa (@pi0)
- Dardan Bujupaj (@dardanbujupaj)
- Minsu Lee (@amondnet)
- Kazuya Kawaguchi (@kazupon)
- Legacy (@3m1n3nc3)