authorLoïc Hoguin <[email protected]>2024-01-23 15:29:41 +0100
committerLoïc Hoguin <[email protected]>2024-01-23 15:29:41 +0100
commit8f9051519e56e0c49ec9c3d60ca9389104b1b18c (patch)
treee69d543b9b2aa1b81b2280f3fc59d2e4bac83dd1
parentf060e6c4ffedca65111b8016d4a976e15bfdb2b1 (diff)
downloadcowboy-8f9051519e56e0c49ec9c3d60ca9389104b1b18c.tar.gz
cowboy-8f9051519e56e0c49ec9c3d60ca9389104b1b18c.tar.bz2
cowboy-8f9051519e56e0c49ec9c3d60ca9389104b1b18c.zip
Cowboy 2.11
-rw-r--r--Makefile8
-rw-r--r--README.asciidoc4
-rw-r--r--doc/src/guide/book.asciidoc2
-rw-r--r--doc/src/guide/getting_started.asciidoc2
-rw-r--r--doc/src/guide/migrating_from_2.10.asciidoc139
-rw-r--r--doc/src/manual/cowboy_http2.asciidoc8
-rw-r--r--doc/src/manual/cowboy_websocket.asciidoc1
-rw-r--r--ebin/cowboy.app2
8 files changed, 156 insertions, 10 deletions
diff --git a/Makefile b/Makefile
index 74aff5c..1609bbf 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
PROJECT = cowboy
PROJECT_DESCRIPTION = Small, fast, modern HTTP server.
-PROJECT_VERSION = 2.10.0
+PROJECT_VERSION = 2.11.0
PROJECT_REGISTERED = cowboy_clock
# Options.
@@ -38,8 +38,8 @@ define HEX_TARBALL_EXTRA_METADATA
#{
licenses => [<<"ISC">>],
links => #{
- <<"User guide">> => <<"https://ninenines.eu/docs/en/cowboy/2.10/guide/">>,
- <<"Function reference">> => <<"https://ninenines.eu/docs/en/cowboy/2.10/manual/">>,
+ <<"User guide">> => <<"https://ninenines.eu/docs/en/cowboy/2.11/guide/">>,
+ <<"Function reference">> => <<"https://ninenines.eu/docs/en/cowboy/2.11/manual/">>,
<<"GitHub">> => <<"https://github.com/ninenines/cowboy">>,
<<"Sponsor">> => <<"https://github.com/sponsors/essen">>
}
@@ -105,7 +105,7 @@ prepare_tag:
$(verbose) grep http.*:// README.asciidoc
$(verbose) echo
$(verbose) echo "Titles in most recent CHANGELOG:"
- $(verbose) for f in `ls -r doc/src/guide/migrating_from_*.asciidoc | head -n1`; do \
+ $(verbose) for f in `ls -rv doc/src/guide/migrating_from_*.asciidoc | head -n1`; do \
echo $$f:; \
grep == $$f; \
done
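Review bot: The `ls -rv` in the `prepare_tag` recipe relies on GNU ls, where `-v` selects version sort so that `migrating_from_2.10` ranks above `migrating_from_2.9`. On BSD/macOS ls the flag has, as far as I know, a different meaning, so the loop would keep picking the 2.9 guide without any error. Because this target is a pre-release sanity check, the maintainer would then review stale changelog titles before tagging. I would record the dependency in a make comment above the loop, for example `# ls -v is GNU version sort: required so that 2.10 sorts after 2.9`. The `prepare_tag` target starts outside this hunk.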
diff --git a/README.asciidoc b/README.asciidoc
index cd110ad..4b850cd 100644
--- a/README.asciidoc
+++ b/README.asciidoc
@@ -18,8 +18,8 @@ Cowboy is *clean* and *well tested* Erlang code.
== Online documentation
-* https://ninenines.eu/docs/en/cowboy/2.6/guide[User guide]
-* https://ninenines.eu/docs/en/cowboy/2.6/manual[Function reference]
+* https://ninenines.eu/docs/en/cowboy/2.11/guide[User guide]
+* https://ninenines.eu/docs/en/cowboy/2.11/manual[Function reference]
== Offline documentation
diff --git a/doc/src/guide/book.asciidoc b/doc/src/guide/book.asciidoc
index 582820f..4448202 100644
--- a/doc/src/guide/book.asciidoc
+++ b/doc/src/guide/book.asciidoc
@@ -75,6 +75,8 @@ include::performance.asciidoc[Performance]
= Additional information
+include::migrating_from_2.10.asciidoc[Migrating from Cowboy 2.10 to 2.11]
+
include::migrating_from_2.9.asciidoc[Migrating from Cowboy 2.9 to 2.10]
include::migrating_from_2.8.asciidoc[Migrating from Cowboy 2.8 to 2.9]
diff --git a/doc/src/guide/getting_started.asciidoc b/doc/src/guide/getting_started.asciidoc
index 731e4a5..a26802d 100644
--- a/doc/src/guide/getting_started.asciidoc
+++ b/doc/src/guide/getting_started.asciidoc
@@ -69,7 +69,7 @@ fetch and compile Cowboy, and that we will use releases:
PROJECT = hello_erlang
DEPS = cowboy
-dep_cowboy_commit = 2.10.0
+dep_cowboy_commit = 2.11.0
REL_DEPS = relx
diff --git a/doc/src/guide/migrating_from_2.10.asciidoc b/doc/src/guide/migrating_from_2.10.asciidoc
new file mode 100644
index 0000000..aaa8fe9
--- /dev/null
+++ b/doc/src/guide/migrating_from_2.10.asciidoc
@@ -0,0 +1,139 @@
+[appendix]
+== Migrating from Cowboy 2.10 to 2.11
+
+Cowboy 2.11 contains a variety of new features and bug
+fixes. Nearly all previously experimental features are
+now marked as stable, including Websocket over HTTP/2.
+Included is a fix for an HTTP/2 protocol CVE.
+
+Cowboy 2.11 requires Erlang/OTP 24.0 or greater.
+
+Cowboy is now using GitHub Actions for CI. The main reason
+for the move is to reduce costs by no longer having to
+self-host CI runners. The downside is that GitHub runners
+are less reliable and timing dependent tests are now more
+likely to fail.
+
+=== Features added
+
+* A new HTTP/2 option `max_cancel_stream_rate` has been added
+ to control the rate of stream cancellation the server will
+ accept. By default Cowboy will accept 500 cancelled streams
+ every 10 seconds.
+
+* A new stream handler `cowboy_decompress_h` has been added.
+ It allows automatically decompressing incoming gzipped
+ request bodies. It includes options to protect against
+ zip bombs.
+
+* Websocket over HTTP/2 is no longer considered experimental.
+ Note that the `enable_connect_protocol` option must be set
+ to `true` in order to use Websocket over HTTP/2 for the
+ time being.
+
+* Automatic mode for reading request bodies has been
+ documented. In automatic mode, Cowboy waits indefinitely
+ for data and sends a `request_body` message when data
+ comes in. It mirrors `{active, once}` socket modes.
+ This is ideal for loop handlers and is also used
+ internally for HTTP/2 Websocket.
+
+* Ranged requests support is no longer considered
+ experimental. It was added in 2.6 to both `cowboy_static`
+ and `cowboy_rest`. Ranged responses can be produced
+ either automatically (for the `bytes` unit) or manually.
+ REST flowcharts have been updated with the new callbacks
+ and steps related to handling ranged requests.
+
+* A new HTTP/1.1 and HTTP/2 option `reset_idle_timeout_on_send`
+ has been added. When enabled, the `idle_timeout` will be
+ reset every time Cowboy sends data to the socket.
+
+* Loop handlers may now return a timeout value in the place
+ of `hibernate`. Timeouts behave the same as in `gen_server`.
+
+* The `generate_etag` callback of REST handlers now accepts
+ `undefined` as a return value to allow conditionally
+ generating etags.
+
+* The `cowboy_compress_h` options `compress_threshold` and
+ `compress_buffering` are no longer considered experimental.
+ They were de facto stable since 2.6 as they already were
+ documented.
+
+* Functions `cowboy:get_env/2,3` have been added.
+
+* Better error messages have been added when trying to send
+ a 204 or 304 response with a body; when attempting to
+ send two responses to a single request; when trying to
+ push a response after the final response; when trying
+ to send a `set-cookie` header without using
+ `cowboy_req:set_resp_cookie/3,4`.
+
+=== Features removed
+
+* Cowboy will no longer include the NPN extension when
+ starting a TLS listener. This extension has long been
+ deprecated and replaced with the ALPN extension. Cowboy
+ will continue using the ALPN extension for protocol
+ negotiation.
+
+=== Bugs fixed
+
+* A fix was made to address the HTTP/2 CVE CVE-2023-44487
+ via the new HTTP/2 option `max_cancel_stream_rate`.
+
+* HTTP/1.1 requests that contain both a content-length and
+ a transfer-encoding header will now be rejected to avoid
+ security risks. Previous behavior was to ignore the
+ content-length header as recommended by the HTTP RFC.
+
+* HTTP/1.1 connections would sometimes use the wrong timeout
+ value to determine whether the connection should be closed.
+ This resulted in connections staying up longer than
+ intended. This should no longer be the case.
+
+* Cowboy now reacts to socket errors immediately for HTTP/1.1
+ and HTTP/2 when possible. Cowboy will notice when connections
+ have been closed properly earlier than before. This also
+ means that the socket option `send_timeout_close` will work
+ as expected.
+
+* Shutting down HTTP/1.1 pipelined requests could lead to
+ the current request being terminated before the response
+ has been sent. This has been addressed.
+
+* When using HTTP/1.1 an invalid Connection header will now
+ be rejected with a 400 status code instead of crashing.
+
+* The documentation now recommends increasing the HTTP/2
+ option `max_frame_size_received`. Cowboy currently uses
+ the protocol default but will increase its default in a
+ future release. Until then users are recommended to set
+ the option to ensure larger requests are accepted and
+ processed with acceptable performance.
+
+* Cowboy could sometimes send HTTP/2 WINDOW_UPDATE frames
+ twice in a row. Now they should be consolidated.
+
+* Cowboy would sometimes send HTTP/2 WINDOW_UPDATE frames
+ for streams that have stopped internally. This should
+ no longer be the case.
+
+* The `cowboy_compress_h` stream handler will no longer
+ attempt to compress responses that have an `etag` header
+ to avoid caching issues.
+
+* The `cowboy_compress_h` will now always add `accept-encoding`
+ to the `vary` header as it indicates that responses may
+ be compressed.
+
+* Cowboy will now remove the `trap_exit` process flag when
+ HTTP/1.1 connections upgrade to Websocket.
+
+* Exit gracefully instead of crashing when the socket gets
+ closed when reading the PROXY header.
+
+* Missing `cowboy_stream` manual pages have been added.
+
+* A number of fixes were made to documentation and examples.
diff --git a/doc/src/manual/cowboy_http2.asciidoc b/doc/src/manual/cowboy_http2.asciidoc
index a47d24a..8eb3cf2 100644
--- a/doc/src/manual/cowboy_http2.asciidoc
+++ b/doc/src/manual/cowboy_http2.asciidoc
@@ -94,7 +94,10 @@ enable_connect_protocol (false)::
Whether to enable the extended CONNECT method to allow
protocols like Websocket to be used over an HTTP/2 stream.
-This option is experimental and disabled by default.
++
+For backward compatibility reasons, this option is disabled
+by default. It must be enabled to use Websocket over HTTP/2.
+It will be enabled by default in a future release.
goaway_initial_timeout (1000)::
@@ -277,6 +280,7 @@ too many `WINDOW_UPDATE` frames.
== Changelog
+* *2.11*: Websocket over HTTP/2 is now considered stable.
* *2.11*: The `reset_idle_timeout_on_send` option was added.
* *2.11*: Add the option `max_cancel_stream_rate` to protect
against another flood scenario.
@@ -307,7 +311,7 @@ too many `WINDOW_UPDATE` frames.
`max_frame_size_received`, `max_frame_size_sent`
and `settings_timeout` to configure HTTP/2 SETTINGS
and related behavior.
-* *2.4*: Add the experimental option `enable_connect_protocol`.
+* *2.4*: Add the option `enable_connect_protocol`.
* *2.0*: Protocol introduced.
== See also
diff --git a/doc/src/manual/cowboy_websocket.asciidoc b/doc/src/manual/cowboy_websocket.asciidoc
index b1eb593..6d822d9 100644
--- a/doc/src/manual/cowboy_websocket.asciidoc
+++ b/doc/src/manual/cowboy_websocket.asciidoc
@@ -285,6 +285,7 @@ normal circumstances if necessary.
== Changelog
+* *2.11*: Websocket over HTTP/2 is now considered stable.
* *2.11*: HTTP/1.1 Websocket no longer traps exits by default.
* *2.8*: The `active_n` option was added.
* *2.7*: The commands based interface has been documented.
diff --git a/ebin/cowboy.app b/ebin/cowboy.app
index 9f3e1cb..5dfa163 100644
--- a/ebin/cowboy.app
+++ b/ebin/cowboy.app
@@ -1,6 +1,6 @@
{application, 'cowboy', [
{description, "Small, fast, modern HTTP server."},
- {vsn, "2.10.0"},
+ {vsn, "2.11.0"},
{modules, ['cowboy','cowboy_app','cowboy_bstr','cowboy_children','cowboy_clear','cowboy_clock','cowboy_compress_h','cowboy_constraints','cowboy_decompress_h','cowboy_handler','cowboy_http','cowboy_http2','cowboy_loop','cowboy_metrics_h','cowboy_middleware','cowboy_req','cowboy_rest','cowboy_router','cowboy_static','cowboy_stream','cowboy_stream_h','cowboy_sub_protocol','cowboy_sup','cowboy_tls','cowboy_tracer_h','cowboy_websocket']},
{registered, [cowboy_sup,cowboy_clock]},
{applications, [kernel,stdlib,crypto,cowlib,ranch]},