Swift Nio Http2 Versions Save

SemVer Patch

• Content-Length errors shouldn't crash (#371)

SemVer Minor

• Verify content length is not negative (#361)
• Provide an iterator for header values (#362)

SemVer Patch

• Verify all content-length header values match (#360)
• Make FramePayload.Data class-backed (#365)
• Ignore content-length for HEAD requests and 304 responses (#369)

Other Changes

• Add .spi.yml for Swift Package Index DocC support (#363)
• Add Swift 5.8 CI and update nightly CI to Ubuntu 22.04 (#366)
• Point docs to Swift Package Index (#367)
• Remove Jazzy doc generation (#368)
• Update allocation limits (#370)

SemVer Patch

• Replace NIOSendable with Sendable (#358)

Other Changes

• Remove #if compiler(>=5.5) (#357)

SemVer Minor

• Raise minimum supported Swift version from 5.4 to 5.5 (#355)

SemVer Patch

• Better GoAWAY error (#354)

Other Changes

• Use Docc for documentation (#351)
• Validate missing imports in CI (#352)
• Update allocation limits (#356)

SemVer Patch

• Use swift-atomics instead of NIOAtomics (#350)

Other Changes

• Use 5.7 nightlies (#348)

SemVer Minor

• Adopt Sendable in relevant types (#343)
• Make HPACKHeaders hashable. (#344)

SemVer Patch

• Improve HTTPHeader normalisation performance for large inputs (#347)

Other Changes

• Add script to list transitive dependencies (#340)
• Remove build_podspec.sh (#341)
• HPACKHeaders performance test for HTTPHeader normalisation (#346)

SemVer Minor

• Drop support for Swift 5.2 and 5.3 (#337)

Other Changes

• Use SPM API diff checker (#334)
• Fix warnings, that appeared after requiring Swift 5.4 (#338)

SemVer Patch

• Forbid clients from pushing (#332)

Other Changes

• ci update (#329)
• Update alloc limits and clean up soundness (#331)

Security Fixes

This version contains a fix for CVE-2022-0618: Denial of service via HTTP/2 HEADERS frames padding. This fix involves a substantial rewrite of the frame parser to address a number of related issues that all trigger crashes in swift-nio-http2. For more details see the advisory. We recommend updating to this release as soon as possible. (commit)

SemVer Minor

• Make UnrepresentableInteger public (#325)

SemVer Patch

• Remove a retain/release (#327)
• Use unchecked math in encodeInteger (#328)

Other Changes

• Update minimum dependency version in README (#326)

The release contains fixes for three security vulnerabilties.

SemVer Patch

• CVE-2022-24668: Denial of service via ALTSVC or ORIGIN frames
• CVE-2022-24667: Denial of service via mishandled HPACK variable length integer encoding
• CVE-2022-24666: Denial of service via invalid HTTP/2 HEADERS frame length

Other Changes

• Update doc generation script (#322)
• Add 5.6 nightly CI (#324)