1Release History 2=============== 3 43.0.0 (2017-03-29) 5------------------ 6 7**API Changes (Backward Incompatible)** 8 9- Removed nghttp2 support. This support had rotted and was essentially 10 non-functional, so it has now been removed until someone has time to re-add 11 the support in a functional form. 12- Attempts by the encoder to exceed the maximum allowed header table size via 13 dynamic table size updates (or the absence thereof) are now forbidden. 14 15**API Changes (Backward Compatible)** 16 17- Added a new ``InvalidTableSizeError`` thrown when the encoder does not 18 respect the maximum table size set by the user. 19- Added a ``Decoder.max_allowed_table_size`` field that sets the maximum 20 allowed size of the decoder header table. See the documentation for an 21 indication of how this should be used. 22 23**Bugfixes** 24 25- Up to 25% performance improvement decoding HPACK-packed integers, depending 26 on the platform. 27- HPACK now tolerates receiving multiple header table size changes in sequence, 28 rather than only one. 29- HPACK now forbids header table size changes anywhere but first in a header 30 block, as required by RFC 7541 § 4.2. 31- Other miscellaneous performance improvements. 32 332.3.0 (2016-08-04) 34------------------ 35 36**Security Fixes** 37 38- CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the 39 decompressed size of the header list. This is to avoid the so-called "HPACK 40 Bomb" vulnerability, which is caused when a malicious peer sends a compressed 41 HPACK body that decompresses to a gigantic header list size. 42 43 This also adds a ``OversizedHeaderListError``, which is thrown by the 44 ``decode`` method if the maximum header list size is being violated. This 45 places the HPACK decoder into a broken state: it must not be used after this 46 exception is thrown. 47 48 This also adds a ``max_header_list_size`` to the ``Decoder`` object. This 49 controls the maximum allowable decompressed size of the header list. By 50 default this is set to 64kB. 51 522.2.0 (2016-04-20) 53------------------ 54 55**API Changes (Backward Compatible)** 56 57- Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal 58 whether a given header field may ever be indexed in HTTP/2 header 59 compression. 60- Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class 61 and subclass. These objects behave like two-tuples, so this change does not 62 break working code. 63 64**Bugfixes** 65 66- Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2. 67- Improve HPACK decoding speed by 10% by caching header table sizes. 68 692.1.1 (2016-03-16) 70------------------ 71 72**Bugfixes** 73 74- When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK 75 now ensures that HTTP/2 special headers (headers whose names begin with 76 ``:`` characters) appear first in the header block. 77 782.1.0 (2016-02-02) 79------------------ 80 81**API Changes (Backward Compatible)** 82 83- Added new ``InvalidTableIndex`` exception, a subclass of 84 ``HPACKDecodingError``. 85- Instead of throwing ``IndexError`` when encountering invalid encoded integers 86 HPACK now throws ``HPACKDecodingError``. 87- Instead of throwing ``UnicodeDecodeError`` when encountering headers that are 88 not UTF-8 encoded, HPACK now throws ``HPACKDecodingError``. 89- Instead of throwing ``IndexError`` when encountering invalid table offsets, 90 HPACK now throws ``InvalidTableIndex``. 91- Added ``raw`` flag to ``decode``, allowing ``decode`` to return bytes instead 92 of attempting to decode the headers as UTF-8. 93 94**Bugfixes** 95 96- ``memoryview`` objects are now used when decoding HPACK, improving the 97 performance by avoiding unnecessary data copies. 98 992.0.1 (2015-11-09) 100------------------ 101 102- Fixed a bug where the Python HPACK implementation would only emit header 103 table size changes for the total change between one header block and another, 104 rather than for the entire sequence of changes. 105 1062.0.0 (2015-10-12) 107------------------ 108 109- Remove unused ``HPACKEncodingError``. 110- Add the shortcut ability to import the public API (``Encoder``, ``Decoder``, 111 ``HPACKError``, ``HPACKDecodingError``) directly, rather than from 112 ``hpack.hpack``. 113 1141.1.0 (2015-07-07) 115------------------ 116 117- Add support for emitting 'never indexed' header fields, by using an optional 118 third element in the header tuple. With thanks to @jimcarreer! 119 1201.0.1 (2015-04-19) 121------------------ 122 123- Header fields that have names matching header table entries are now added to 124 the header table. This improves compression efficiency at the cost of 125 slightly more table operations. With thanks to `Tatsuhiro Tsujikawa`_. 126 127.. _Tatsuhiro Tsujikawa: https://github.com/tatsuhiro-t 128 1291.0.0 (2015-04-13) 130------------------ 131 132- Initial fork of the code from `hyper`_. 133 134.. _hyper: https://hyper.readthedocs.org/ 135