Skip to content

Commit e265a54

Browse files
authored
chore: release v0.1.1
1 parent 7f96812 commit e265a54

3 files changed

Lines changed: 43 additions & 2 deletions

File tree

CHANGELOG.md

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
# Changelog
2+
3+
All notable changes to this project will be documented in this file.
4+
5+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7+
8+
## [Unreleased]
9+
10+
## [0.1.1](https://github.com/KarpelesLab/httpsd/compare/v0.1.0...v0.1.1) - 2026-06-30
11+
12+
### Fixed
13+
14+
- *(h3)* reclaim and cap request-stream state (MEDIUM)
15+
- *(quic)* bound connection table against spoofed-source flood (HIGH)
16+
17+
### Other
18+
19+
- CLI + config: privdrop orchestration and Server header control
20+
- Add privilege-drop core + bind-readiness handshake
21+
- Fix O(n²) DoS in HTTP/1 parser (incremental header scan + chunked decode)
22+
- *(threadpool)* avoid unused_mut warning when acme feature is off
23+
- harden private-key handling (audit LOW findings)
24+
- Fix static-file security findings: dotfiles, range reads, nosniff, gzip on 206
25+
- *(gdns)* strip control chars from redirect Location (defense in depth)
26+
- *(mio)* cap connection map and reap idle / slow-trickle peers
27+
- *(tokio)* add connection cap and read/handshake timeouts
28+
- *(threadpool)* bound slow-trickle slowloris and fix ACME 1-worker deadlock
29+
- *(manager)* bound issuance state and add negative caching
30+
- *(json)* cap parse recursion depth and input length
31+
- *(jose)* validate SEC1 point in xy() instead of panicking
32+
- enforce per-connection resource limits (security hardening)
33+
- Fix HTTP/1.x parser/serializer security findings in conn.rs
34+
- Include acme in the cli feature so the default binary can issue certs
35+
- Harden the thread-pool runtime against connection-exhaustion DoS
36+
- Back off and rate-limit on accept() errors to prevent EMFILE busy-loop
37+
- drop redundant plain-transport copies and per-route path splits
38+
- Add http-crate interop behind the `http` feature
39+
- Add ergonomic routing layer behind the `router` feature
40+
- Format h2 response_fields (rustfmt)
41+
- Fix CI: move h2 response_fields before its test module; qualify TlsStream doc link

Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "httpsd"
3-
version = "0.1.0"
3+
version = "0.1.1"
44
edition = "2024"
55
rust-version = "1.88"
66
description = "A pure-Rust HTTP/HTTPS server — usable as a sans-I/O library with pluggable runtimes (thread pool, tokio, mio) or as a CLI that serves a directory or a TOML config."

0 commit comments

Comments
 (0)