Special thanks to the following security researchers who reported the issues fixed in this release:
What's Changed
- Add DNS cache management methods for TCPDialer by @aabishkaryal in #2072
- Fix username:password@ validation in urls by @erikdubbelboer in #2080
- Validate IPv6 addresses in urls by @erikdubbelboer in #2079
- Validate schemes by @erikdubbelboer in #2078
- Reject invalid hosts with multiple port delimiters by @erikdubbelboer in #2077
- Reject backslash absolute URIs and cache parse errors by @erikdubbelboer in #2075
- Reject bad ipv6 hostnames by @erikdubbelboer in #2076
- Reimplement flushing support for fasthttpadaptor by @erikdubbelboer in #2081
- chore(deps): bump securego/gosec from 2.22.8 to 2.22.9 by @dependabot[bot] in #2073
New Contributors
- @aabishkaryal made their first contribution in #2072
Full Changelog: v1.66.0...v1.67.0