Update H2O from 2.2.2 to 2.2.4 #637

pmenzel · 2018-02-22T16:22:26Z

No description provided.

Version 2.2.4 was released in December 2017, and contains some security fixes, and improvements [1]. H2O version 2.2.3 ----------------- This is a bug-fix release of the 2.2 series, including two vulnerability fixes. * [security fix][http1] fix crash when receiving request with invalid framing CVE-2017-10868 #1459 (Frederik Deweerdt) * [security fix][proxy] fix stack overflow when sending huge request body to upstream CVE-2017-10869 #1460 (Frederik Deweerdt) * [core] disable buffering of stdout, stderr #1347 (Yannick Koechlin) * [expires] fix incorrect header emitted when units: month or year were used #1406 (Frederik Deweerdt) * [fastcgi] never return 304 if the file is a dynamic handler #1385 (Kazuho Oku) * [mime] flush all existing mapping when file.mime.settypes is used #1416 (Ichito Nagata) * [mruby] update mruby and modules #1320 #1338 #1413 * [mruby] expose SERVER_PROTOCOL #1353 (Frederik Deweerdt) * [mruby] properly handle content-less response #1430 (Ichito Nagata) * [proxy] do not drop the Date request header #1408 (Ichito Nagata) * [ssl] fix deadlock during lazy initialzation #1425 (Apollon Oikonomopoulos) * [ssl] fix epoll-related crashes on OSCP updates #1427 (Apollon Oikonomopoulos) * [ssl] avoid spurious session ticket renewals #1444 (Apollon Oikonomopoulos) * [websocket] fix bug that might drop the first websocket frame #1276 (wuhanck) * [libh2o] clear OpenSSL's error queue before using it #1448 (Apollon Oikonomopoulos) * [doc] add documentation of duration-stats #1306 (Frederik Deweerdt) * [misc] fix build issues on OpenIndiana #1300 (David Carlier) * [misc] build on platforms without 64-bit atomics #1433 (Apollon Oikonomopoulos) H2O version 2.2.4 ----------------- This is a bug-fix release of the 2.2 series, including two vulnerability fixes. * [security fix][access-log][ssl] fix crash when logging TLS 1.3 properties CVE-2017-10872 #1543 (MITSUNARI Shigeo) * [security fix][http2] fix crash when handling malformed HTTP/2 request CVE-2017-10908 #1544 (Kazuho Oku) * [access-log][compress] %b should log the amount of data sent after compression #1478 (Ichito Nagata) * [fastcgi][misc] respect H2O_PERL environment variable in share/h2o/setuidgid #1518 (Kazuho Oku) * [mime] fix Opus mimetype #1522 (Alex) * [mruby] fix runtime issue that prevents a closed variable from getting updated #1464 (Tatsushi Demachi) * [mruby] keep PATH_INFO undecoded #1480 (Ichito Nagata) * [mruby] fix keepalive not being used when the response to http_request is directly returned #1489 (Ichito Nagata) * [mruby] fix offset overflow of SCRIPT_INFO and PATH_INFO #1502 (Ichito Nagata) * [proxy][ssl] fix pointer corruption when connecting to origin via https (big-endian only) #1475 (Kazuho Oku) * [proxy] omit network I/O when handling internal redirect between hosts mapped to different ports #1498 (Ichito Nagata) * [ssl] fix crash on s390 (and possibly on other big-endian machines) #1474 (Apollon Oikonomopoulos) * [websocket] do not send upgrade header twice #1463 (Yamagishi Kazutoshi) [1] https://github.com/h2o/h2o/releases

wwwutz

Done reviewing. No comments on changes needed.

pmenzel force-pushed the update-h2o-from-2.2.2-to-2.2.4 branch from 9b90a8d to 5d90bc8 Compare February 22, 2018 16:24

wwwutz approved these changes Feb 22, 2018

View reviewed changes

wwwutz merged commit f212a20 into master Feb 22, 2018

donald deleted the update-h2o-from-2.2.2-to-2.2.4 branch February 26, 2018 07:29

Update H2O from 2.2.2 to 2.2.4 #637

Update H2O from 2.2.2 to 2.2.4 #637

pmenzel commented Feb 22, 2018

wwwutz left a comment

Update H2O from 2.2.2 to 2.2.4 #637

Update H2O from 2.2.2 to 2.2.4 #637

Conversation

pmenzel commented Feb 22, 2018

wwwutz left a comment

Choose a reason for hiding this comment