We released new nghttp2
While we merged new
features, it is compatible with draft-14 framing layer. So this
release still announces h2-14 as ALPN identifier.
This release fixes heap-use-after free bug in nghttpx. The bug was
found by scan-build tool.
h2load, the benchmark tool for HTTP/2 and SPDY, now has --input-file
and --header options. By default, h2load takes URIs in
command-line. Instead, user can store URIs in a file and give it with
--input-file option to h2load. Then h2load reads URIs from that
file. This is convenient if lots of URIs are needed. --header
option is add additional request headers or replace pre-defined
headers (e.g., :scheme). These features were contributed by Kenny
nghttpx now has --strip-incoming-x-forwarded-for option. If given,
it strips incoming X-Forwarded-For request header.
This feature was contributed by Lucas Pardue.
nghttp, nghttpd and nghttpx now disable SSLv3 completely.
nghttpx now emits alt-svc
compliant Alt-Svc header field.
We released bug fix release of nghttp2
It still implements h2-14 and HPACK-09.
This release fixes the application (nghttpd, nghttpx and h2load) crash
with libc++ when threading is enabled. This crash was caused because
of heap-use-after-free of std::mutex object. Interestingly, libstdc++
did not exhibit this issue and clang address sanitizer also did not
report anything. Hopefully, this release fixes the reported crash in
Mac OS X (since it is likely to use libc++), and Mac OS X users
finally get multi-threaded nghttp2 applications. So try building
nghttp2 without –disable-threads and run one of applications and see
they do not crash.
We happily announce yet another release of nghttp2
It still implements h2-14 and HPACK-09.
This release addresses portability/compatibility issues reported by
package maintainer and users. One of the problem was caused by use of
std::future. Some platform lacks std::future, which causes compile
error on application under src directoy. In this release, we check
that whether std::future is available or not and if not, define
NOTHREADS and exclude multi threading code entirely from applications.
Surprisingly, nghttp2 did not check first SETTINGS (a part of
conneciton preface) strictly. From this release, nghttp2 library code
checks whether SETTINGS is received as a first frame and if other
frame type is received, treats it as PROTOCOL_ERROR.
The library code itself was optimized a bit more and improved its
We happily announce immediate availability of nghttp2
It still implements h2-14 and HPACK-09. This release fixes memory
leaks. We added nghttp2_option_set_recv_client_preface() function.
Previously, nghttp2 library only handles HTTP/2 frames and does not
recognize first 24 bytes of client connection preface. This design
choice is done due to the fact that server may want to detect the
application protocol based on first few bytes on clear text
communication. But for simple servers which only speak HTTP/2, it is
easier for developers if nghttp2 library takes care of client
connection preface as well. If this option is enabled, nghttp2
library checks first 24 bytes client connection preface. If it is not
a valid one, nghttp2_session_recv() and nghttp2_session_mem_recv()
will return new error code NGHTTP2_ERR_BAD_PREFACE, which is fatal
error. By default, the option is turned off for backward
The other thing worth mentioning is that now
nghttp2_stream_resume_deferred_data() does not fail if data is
deferred by flow control.
Previously processing incoming connection level WINDOW_UPDATE frame is
quite expensive, but it is fixed and now 2x faster than v0.6.1.
We introduced the experimental libnghttp2_asio C++ library. It is
built on top of libnghttp2 and intended to provide higher level APIs
to build HTTP/2 client/server easily. Currently, only server APIs are
provided. It depends on Boost::Asio and Boost::Thread libraries. For
example, the rather useless simple HTTP/2 server which returns “hello,
world” for any HTTP request is as follows:
We added examples/tiny-nghttpd server, which is stripped faster
version of nghttpd. Its purpose is measure performance bottleneck in
libnghttp2 code, avoding any overhead in external I/O library.
Currently it requires epoll, so it can be built only on linux.
nghttp2.org now hosts Lucid
HTTP/2 server written in Erlang.
The access endpoint is https://nghttp2.org:3456/.
Currently it returns simple html content including request headers.
It only speaks h2-14.
Since Erlang SSL module does not support AEAD cipher suites, Firefox
nightly refuses to connect to this server. To workaround this, open
about:config in Firefox and set
network.http.spdy.enforce-tls-profile to false.
In this release, we decided to hide the details of
nghttp2_session_callbacks struct. The reason of this decision is to
avoid so name bump each time we add new callback. Actually, we added
2 new callbacks in this release. We expect more to come, so it is a
good time to make API open for extension.
We successfully performed interop testing with Firefox, Jetty and
If you are shrpx users from
spdylay project, this is a
good time to migrate to nghttpx, which supports SPDY proxy as well.
Anyway, the every release for OSS project is happy time. Have fun!
We happily announce the immediate availability of nghttp2 v0.5.0.
The supported HTTP/2 protocol is now h2-13.
The changes since h2-12 were described in the previous post. We
still supports ALTSVC frame in this release, but it may be removed in
the future release since it is now in the separate document. The
BLOCKED frame was completely removed from the source code.