njs-1.0.0 is a milestone release. With the QuickJS engine now at feature parity with the original njs engine, QuickJS becomes the recommended engine and the built-in njs engine is deprecated.
Deprecation does not mean removal. The njs engine will continue to be supported and have its bugs fixed for the foreseeable future, and it will remain available as an option for compatibility. We recommend migrating to QuickJS, which will eventually become the default engine.
This release focuses on security and stability hardening. Additionally, exception classes reported by the HTTP, Stream, Fetch, and core built-in APIs are now aligned between the njs and QuickJS engines (TypeError for API misuse, RangeError for out-of-range values), and the Fetch client rejects unsafe request targets, methods, and header values before request serialization. String-producing buffer growth is now bounded, so exceeding the maximum string length raises a catchable RangeError instead of exhausting worker memory.
Below is a release summary generated by GitHub.
What's Changed
- Agents guide. by @xeioex in #1065
- Hardening fixes. by @xeioex in #1066
- Fetch hardening. by @xeioex in #1068
- Exceptions overhaul. by @xeioex in #1069
- QuickJS: fix consumed value cleanup. by @xeioex in #1070
- Fix OOM in staging/sm/String/replace-math Tests262. by @xeioex in #1072
- Misc fixes. by @xeioex in #1073
- Misc fixes. by @xeioex in #1074
- HTTP: fix segfault reading a request header with no cache slot. by @xeioex in #1075
- Fix use-after-free in Array.prototype.sort(). by @xeioex in #1079
- HTTP: fix use-after-free in r.subrequest() on premature client close. by @xeioex in #1080
- Misc fixes. by @xeioex in #1076
- Version 1.0.0. by @xeioex in #1082
Full Changelog: 0.9.9...1.0.0