CHANGELOG.rst (5256B)
1 Release History 2 =============== 3 4 4.0.0 (2020-08-30) 5 ------------------ 6 7 API Changes (Backward-Incompatible) 8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 9 10 - Support for Python 2.7 has been removed. 11 - Support for Python 3.4 has been removed. 12 - Support for Python 3.5 has been removed. 13 - Support for PyPy (Python 2.7 compatible) has been removed. 14 - Support for Python 3.8 has been added. 15 16 **Bugfixes** 17 18 - Performance improvement of static header search. Use dict search instead 19 of linear search. 20 - Fix debug output of headers during encoding. 21 22 23 3.0.0 (2017-03-29) 24 ------------------ 25 26 **API Changes (Backward Incompatible)** 27 28 - Removed nghttp2 support. This support had rotted and was essentially 29 non-functional, so it has now been removed until someone has time to re-add 30 the support in a functional form. 31 - Attempts by the encoder to exceed the maximum allowed header table size via 32 dynamic table size updates (or the absence thereof) are now forbidden. 33 34 **API Changes (Backward Compatible)** 35 36 - Added a new ``InvalidTableSizeError`` thrown when the encoder does not 37 respect the maximum table size set by the user. 38 - Added a ``Decoder.max_allowed_table_size`` field that sets the maximum 39 allowed size of the decoder header table. See the documentation for an 40 indication of how this should be used. 41 42 **Bugfixes** 43 44 - Up to 25% performance improvement decoding HPACK-packed integers, depending 45 on the platform. 46 - HPACK now tolerates receiving multiple header table size changes in sequence, 47 rather than only one. 48 - HPACK now forbids header table size changes anywhere but first in a header 49 block, as required by RFC 7541 ยง 4.2. 50 - Other miscellaneous performance improvements. 51 52 2.3.0 (2016-08-04) 53 ------------------ 54 55 **Security Fixes** 56 57 - CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the 58 decompressed size of the header list. This is to avoid the so-called "HPACK 59 Bomb" vulnerability, which is caused when a malicious peer sends a compressed 60 HPACK body that decompresses to a gigantic header list size. 61 62 This also adds a ``OversizedHeaderListError``, which is thrown by the 63 ``decode`` method if the maximum header list size is being violated. This 64 places the HPACK decoder into a broken state: it must not be used after this 65 exception is thrown. 66 67 This also adds a ``max_header_list_size`` to the ``Decoder`` object. This 68 controls the maximum allowable decompressed size of the header list. By 69 default this is set to 64kB. 70 71 2.2.0 (2016-04-20) 72 ------------------ 73 74 **API Changes (Backward Compatible)** 75 76 - Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal 77 whether a given header field may ever be indexed in HTTP/2 header 78 compression. 79 - Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class 80 and subclass. These objects behave like two-tuples, so this change does not 81 break working code. 82 83 **Bugfixes** 84 85 - Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2. 86 - Improve HPACK decoding speed by 10% by caching header table sizes. 87 88 2.1.1 (2016-03-16) 89 ------------------ 90 91 **Bugfixes** 92 93 - When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK 94 now ensures that HTTP/2 special headers (headers whose names begin with 95 ``:`` characters) appear first in the header block. 96 97 2.1.0 (2016-02-02) 98 ------------------ 99 100 **API Changes (Backward Compatible)** 101 102 - Added new ``InvalidTableIndex`` exception, a subclass of 103 ``HPACKDecodingError``. 104 - Instead of throwing ``IndexError`` when encountering invalid encoded integers 105 HPACK now throws ``HPACKDecodingError``. 106 - Instead of throwing ``UnicodeDecodeError`` when encountering headers that are 107 not UTF-8 encoded, HPACK now throws ``HPACKDecodingError``. 108 - Instead of throwing ``IndexError`` when encountering invalid table offsets, 109 HPACK now throws ``InvalidTableIndex``. 110 - Added ``raw`` flag to ``decode``, allowing ``decode`` to return bytes instead 111 of attempting to decode the headers as UTF-8. 112 113 **Bugfixes** 114 115 - ``memoryview`` objects are now used when decoding HPACK, improving the 116 performance by avoiding unnecessary data copies. 117 118 2.0.1 (2015-11-09) 119 ------------------ 120 121 - Fixed a bug where the Python HPACK implementation would only emit header 122 table size changes for the total change between one header block and another, 123 rather than for the entire sequence of changes. 124 125 2.0.0 (2015-10-12) 126 ------------------ 127 128 - Remove unused ``HPACKEncodingError``. 129 - Add the shortcut ability to import the public API (``Encoder``, ``Decoder``, 130 ``HPACKError``, ``HPACKDecodingError``) directly, rather than from 131 ``hpack.hpack``. 132 133 1.1.0 (2015-07-07) 134 ------------------ 135 136 - Add support for emitting 'never indexed' header fields, by using an optional 137 third element in the header tuple. With thanks to @jimcarreer! 138 139 1.0.1 (2015-04-19) 140 ------------------ 141 142 - Header fields that have names matching header table entries are now added to 143 the header table. This improves compression efficiency at the cost of 144 slightly more table operations. With thanks to `Tatsuhiro Tsujikawa`_. 145 146 .. _Tatsuhiro Tsujikawa: https://github.com/tatsuhiro-t 147 148 1.0.0 (2015-04-13) 149 ------------------ 150 151 - Initial fork of the code from `hyper`_. 152 153 .. _hyper: https://hyper.readthedocs.org/