github uNetworking/uWebSockets v20.26.0

2 years ago

RFC 9112 (HTTP/1.1) compliance fixup

HTTP/1.1 has been around since late stone age and there is now a new RFC 9112 that updates it further, released this very summer. This is a good time to go over said spec and make uWS as compliant as practically possible. This is going to be a gradual shift over time, making uWS more strict in this area, but here are some of the fixes in this release:

  • HTTP/1.0 requests are no longer accepted (so long Apache Bench!).
  • Content-Length and Transfer-Encoding are now more strictly and correctly parsed and used.
  • Requests without "host" header are dropped.
  • Requests with both Content-Length and Transfer-Encoding are dropped.
  • Requests with ridiculously large Content-Length are dropped.
  • Header values can no longer contain invisible control bytes (ASCII below 32), except for HTAB.
  • We are more strict in dropping requests with space between header key and colon.

Some of these fixes are due to a report by FFRI Security, Inc. If you consider spec compliance a security factor, then update to the latest uWS.
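
The checks listed above, sketched as a stand-alone validator for a raw request head. This is an added example, not uWebSockets code; the function name `reject_reason`, the reason strings and the `kMaxContentLength` cap are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Added illustration, not uWebSockets' parser.
// ASSUMPTION: the cap is arbitrary; the release notes give no number.
static const unsigned long long kMaxContentLength = 1ULL << 40;

// Returns "" if the head passes the listed checks, else why it is dropped.
std::string reject_reason(const std::string &head) {
    size_t eol = head.find("\r\n");
    if (eol == std::string::npos) return "incomplete request line";
    std::string line = head.substr(0, eol);
    if (line.size() < 9 || line.compare(line.size() - 9, 9, " HTTP/1.1") != 0)
        return "not HTTP/1.1";
    bool host = false, cl = false, te = false;
    for (size_t pos = eol + 2; pos < head.size();) {
        eol = head.find("\r\n", pos);
        if (eol == std::string::npos) return "unterminated header";
        if (eol == pos) break;  // empty line ends the head
        line = head.substr(pos, eol - pos);
        pos = eol + 2;
        size_t colon = line.find(':');
        if (colon == std::string::npos || colon == 0) return "malformed header";
        std::string name = line.substr(0, colon), value = line.substr(colon + 1);
        // RFC 9112 allows no whitespace between field name and colon.
        if (name.find_first_of(" \t") != std::string::npos) return "space before colon";
        for (unsigned char c : value)  // bare CR or LF is caught here as well
            if (c < 32 && c != '\t') return "control byte in value";
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return (char)std::tolower(c); });
        size_t b = value.find_first_not_of(" \t"), e = value.find_last_not_of(" \t");
        value = (b == std::string::npos) ? "" : value.substr(b, e - b + 1);
        if (name == "host") host = true;
        else if (name == "transfer-encoding") te = true;
        else if (name == "content-length") {
            // Digits only: rejects "+5", "0x10", "5, 5" and empty values.
            if (value.empty() || value.find_first_not_of("0123456789") != std::string::npos)
                return "bad content-length";
            if (value.size() > 19 || std::stoull(value) > kMaxContentLength)
                return "content-length too large";
            cl = true;
        }
    }
    if (!host) return "missing host";
    if (cl && te) return "both content-length and transfer-encoding";
    return "";
}
```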
