yhirose/cpp-httplib v0.38.0

on GitHub

Security Enhancements

• Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
• Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

New Features

• Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)
• Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
• SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
• WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

Improvements

• Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)
• Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)
• Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

Bug Fixes

• Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

Internal / Test Changes

• Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)
• Enabled BindDualStack test (69d468f)