New
v1.67.0
Special thanks to the following security researchers who reported the issues fixed in this release:
- @zer0yu (Enze Wang)
- @P3ngu1nW (Jingcheng Yang)
- @9vvert (Zehui Miao)
What's Changed
- Add DNS cache management methods for TCPDialer by @aabishkaryal in https://github.com/valyala/fasthttp/pull/2072
- Fix username:password@ validation in urls by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2080
- Validate IPv6 addresses in urls by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2079
- Validate schemes by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2078
- Reject invalid hosts with multiple port delimiters by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2077
- Reject backslash absolute URIs and cache parse errors by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2075
- Reject bad ipv6 hostnames by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2076
- Reimplement flushing support for fasthttpadaptor by @erikdubbelboer in https://github.com/valyala/fasthttp/pull/2081
- chore(deps): bump securego/gosec from 2.22.8 to 2.22.9 by @dependabot[bot] in https://github.com/valyala/fasthttp/pull/2073
New Contributors
- @aabishkaryal made their first contribution in https://github.com/valyala/fasthttp/pull/2072
Full Changelog: https://github.com/valyala/fasthttp/compare/v1.66.0...v1.67.0