Releases: uNetworking/uWebSockets
v20.29.0
v20.28.0
More RFC 9112 (HTTP/1.1) compliance fixups
- Field names are now restricted to alphanumeric + hyphen
- Chunked encoding parsing now properly rejects too large chunks
- Chunked encoding now rejects non-hex chunk size and handles A-F, a-f, 0-9 properly
- The Host field has to be present, but is allowed to have empty value
- Field values are trimmed both front and back, by SP and HTAB only
- Request method is now case sensitive and getCaseSensitiveMethod() has been added
- getMethod() will continue to return lower cased for backwards compatibility until v21.
Performance regression testing
- Performance comparison against the v20.0.0 release shows there is no performance drift. We haven't lost any measurable performance by improving spec. compliance.
Smoke testing on CI
- There is a new smoke test that makes a bunch of different fetch() requests in keep-alive using Deno, checking CRC32 hashes for correctness both for chunked encoding and for fixed length bodies. This test runs on CI automatically on every push along the unit tests. It will be extended with more request types in the near future.
v20.27.0
Initial C-API
Contributed by Ciro Spaciari (@cirospaciari) - there is now a quite complete C API that can be used from Zig, Rust and the like. Some form of this C API is already in use by Bun.
Contributors
Assets 2
v20.26.0
RFC 9112 (HTTP/1.1) compliance fixup
HTTP/1.1 has been around since late stone age and there is now a new RFC9112 that updates it further, released this very summer. This is a good time to go over said spec. and make uWS as compliant as practically possible. This is going to be a gradual shift over time, making uWS more strict in this area, but here are some of the fixes in this release:
- HTTP/1.0 requests are no longer accepted (so long Apache Bench!).
- Content-Length and Transfer-Encoding are now more strictly and correctly parsed and used.
- Requests without "host" header are dropped.
- Requests with both Content-Length and Transfer-Encoding are dropped.
- Requests with ridiculously large Content-Length are dropped.
- Header values can no longer contain invisible control bytes (ASCII below 32), except for HTAB.
- We are more strict in dropping requests with space between header key and colon.
Some of these fixes are due to a report by FFRI Security, Inc. If you consider spec. compliance a security factor; then update to latest uWS.
v20.25.0
Yet more Transfer-Encoding: chunked fixes
- Keep-alive for chunked bodies was broken due to expecting an empty trailer which simply isn't there.
v20.24.0
Date, Transfer-Encoding fixes
- The HTTP server now appends a valid "Date" header to responses.
- Fixes broken keep-alive for HEAD, OPTIONS, TRACE, CONNECT and DELETE methods introduced in v20.23.0 while adding chunked encoding support.
v20.23.0
HTTP chunked transfer-encoding 🔪 🍰
- You can now send and receive data that is chunked according to
Transfer-Encoding: chunked. - Nothing changes from a user perspective; business as usual.
v20.22.0
Dynamically removable HTTP routes and SNI domains
Together with the SNI improvements from v20.18.0 you can now add/remove HTTP routes dynamically, both for the root ("catch all") domain, and for any specific SNI domain.
If you added a route with
app.get("/hello", [](auto *res, auto *req) {
});
You now remove it with app.get("/hello", nullptr);
The same applies to routes added under a SNI name - browsing to the domain with app.domain("server_name") you can then remove the route added.
Note that you cannot remove WebSocket routes just yet (but doing so could make sense semantically).
v20.20.0
- Fixes undefined behavior in App::removeServerName introduced in v20.18.0
v20.19.0
Unix sockets
Thanks to @Young-Flash it's now possible to serve HTTP and WebSockets over Unix sockets - which interestingly works on all three platforms Windows, Linux, macOS 🤔
