[appendix] == Migrating from Gun 2.1 to 2.2 Gun 2.2 contains many features and fixes, including an experimental HTTP/3 implementation. Gun 2.2 requires Erlang/OTP 24.0 or greater. === Features added * Gun will now do wildcard certificate matching by default, as required by the HTTP protocol, by setting the `customize_hostname_check` ssl option. * User pings are now supported for HTTP/2. User pings are PING frames sent by the user, with the corresponding PING_ACK resulting in a `gun_notify` message being sent to the user process. They can be used to measure latency or do other checks. * The `reply_to` request option has been extended to accept a fun or an MFA that will be called when a reply must be sent to the user process. * The `state_name`, `event_handler` and `event_handler_state` fields were added to `gun:info/1`. * Update Cowlib to 2.15.0. === Experimental features added * Experimental support for HTTP/3 has been added. Websocket over HTTP/3 is not currently implemented. HTTP/3 support is disabled by default; to enable, the environment variable GUN_QUICER must be set at compile-time. === Bugs fixed * TLS 1.3 performs certificate validation independently from the handshake, which means that certificate errors can arrive after the handshake has completed. This is in part to support post-handshake authentication. Gun will now replace `{error, closed}` and similar socket errors with the TLS alert when possible, including for TLS over TLS and TLS over HTTP/2 scenarios. * HTTP/2 tunneling has been improved: WINDOW_UPDATE frames are now properly sent, and flow control is handled. In addition closing the stream is better handled. This impacts both proxying scenarios as well as Websocket over HTTP/2. * HTTP/2 will now properly send a NO_ERROR "error" code when initiating graceful shutdown. * HTTP/2 will now properly track the number of streams currently running and immediately fail when the user tries to open a stream too many compared to what the server allows. * Sometimes stray HTTP/2 timeout messages could be received, producing a log message. This was because they were not cleaned up on disconnect. Now they are. * Socket errors were not properly handled when sending Websocket PONG frames. This has been corrected. * Trying to send a Websocket frame over an HTTP connection (before the Websocket upgrade) will now result in an error sent to the user process. * When connecting to HTTP via a Unix domain socket, Gun will now set the host header to "localhost" by default. Previously an invalid host header was sent. * Data could be lost when switching to the raw protocol. This has been corrected. * Documentation has been updated to describe the `notify_settings_changed` option; as well as to recommend disabling automatic reconnect when Websocket is used; and to provide context around potential security risks due to HTTP/2 compressed headers.