v2.0.1-rc.14

compare changes

💅 Refactors

• tracing: Rename tracing channel .fetch to .request (#1294)
• auth: Enhance randomJitter function for cryptographic security (#1295)

❤️ Contributors

• Pooya Parsa (@pi0)
• Sandro Circi (@sandros94)
• Abdelrahman Awad (@logaretm)

v2.0.1-rc.13

compare changes

💅 Refactors

• Improve cli (f107e07)

v2.0.1-rc.12

compare changes

🚀 Enhancements

• h3 CLI (#1293)
• writeEarlyHints: Add Link: rel:preload headers as fallback (#1288)

💅 Refactors

• Allow better debugging headers are frozen (#1287)

📖 Documentation

• Update example to use event.res.headers.set (#1289)

🏡 Chore

• Migrate to oxlint and oxfmt (#1286)

🤖 CI

• Add pkg.pr.new integration (f6f152a)

❤️ Contributors

• Pooya Parsa (@pi0)
• Kricsleo (@kricsleo)
• Daniel Slepov danil.slepov@gmail.com

v2.0.1-rc.11

compare changes

📦 Build

• Fix types bundling (e32d9e6)

v2.0.1-rc.10

compare changes

📦 Build

• Move fetchdts to dependencies due to bundle issues (0d753cf)

v2.0.1-rc.9

compare changes

🩹 Fixes

• basic-auth: Use jitter and constant-time string comparison (#1283)

🌊 Types

• onResponse: Allow returning any value (#1277)

❤️ Contributors

• Pooya Parsa (@pi0)
• Huseeiin (@huseeiin)

v1.15.5

compare changes

Important

Security: Fixed a bug in readBody(event) and readRawBody(event) utils where certain Transfer-Encoding header formats could cause the request body to be ignored.

In some deployments (for example, behind TCP load balancers or non-normalizing proxies), this could allow request smuggling. The handling is now safe and fully compliant. (read more)

🩹 Fixes

• readRawBody: Fix case-sensitive Transfer-Encoding check causing request smuggling risk (618ccf4)

v2.0.1-rc.8

compare changes

🩹 Fixes

• fromNodeHandler: Pipe responses once (#1273)

💅 Refactors

• Avoid unnecessary Error.captureStackTrace (652e883)

v2.0.1-rc.7

compare changes

Important

srvx has been updated to v0.10.. Please review the release notes for important information about Node.js compatibility.

🚀 Enhancements

• Experimental tracing channels support (#1251)
• Customizable validation errors (#1146)

🩹 Fixes

• mockEvent: Make sure duplex option is properly set (eb83aad)
• handleCacheHeaders: Round modifiedTime to seconds (#1262)

📖 Docs

• Fix typo in jsdocs (#1263)

❤️ Contributors

• Minsu Lee (@amondnet)
• Sandro Circi (@sandros94)
• Abdelrahman Awad (@logaretm)
• Pooya Parsa (@pi0)
• Huseeiin (@huseeiin)

v2.0.1-rc.6

compare changes

🚀 Enhancements

• defineWebSocketHandler: Support callback with event (#1242)

🩹 Fixes

• proxy: Strip transfer-encoding header from proxied response (#1248)
• Clear event.res after prepare (#1259)

📖 Documentation

• Add H3ravel to the community section (#1239)
• Add intlify to community integrations (#1244)

❤️ Contributors

• Pooya Parsa (@pi0)
• Dardan Bujupaj (@dardanbujupaj)
• Minsu Lee (@amondnet)
• Kazuya Kawaguchi (@kazupon)
• Legacy (@3m1n3nc3)