blob: f799f0739a4d8bd05b9cae22c5340989344fdc35 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
+++
date = "2024-01-29T07:00:00+01:00"
title = "Cowboy 2.11"
+++
Cowboy `2.11.0` has been released!
Cowboy 2.11 contains a variety of new features and bug
fixes. Nearly all previously experimental features are
now marked as stable, including Websocket over HTTP/2.
Cowboy 2.11 addresses the HTTP/2 CVE CVE-2023-44487,
the rapid reset vulnerability, which attackers can use
in denial of services attacks. Cowboy adds a new HTTP/2
option `max_cancel_stream_rate` to control for this
behavior.
Cowboy 2.11 requires Erlang/OTP 24.0 or greater.
It is tested and supported on Linux, macOS and Windows.
Cowboy is now using GitHub Actions for CI. The main reason
for the move is to reduce costs by no longer having to
self-host CI runners. The downside is that GitHub runners
are less reliable and timing dependent tests are now more
likely to fail. Another consequence following the move
is that FreeBSD is no longer tested. This may be
reevaluated in the future.
A complete
list of changes can be found in the migration guide:
https://ninenines.eu/docs/en/cowboy/2.11/guide/migrating_from_2.10/[Migrating from Cowboy 2.10 to 2.11].
You can donate to this project via
https://github.com/sponsors/essen[GitHub Sponsors].
As usual, feedback is appreciated, and issues or
questions should be sent via Github tickets or
discussions. Thanks!
|
