H2

Latest version: v4.1.0

Safety actively analyzes 688917 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 7

4.1.0

------------------

**Note:** The GitHub repository has been renamed to ``python-hyper/h2``, previously
was ``python-hyper/hyper-h2``. **The name of the package on PyPI is unchanged!**

API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Support for Python 3.9 has been added.
- Support for Python 3.10 has been added.
- New example for a Python socket HTTP/2 client.
- New `OutputLogger` for use with ``h2.config.logger``. This is only provided
for convenience and not part of the stable API.

Bugfixes
~~~~~~~~

- Header validation now rejects empty header names with a ProtocolError. While
hpack decodes such header blocks without issues, they violate the
HTTP semantics.
- Fix TE header name in error message.

4.0.0

------------------

API Changes (Backward-Incompatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Support for Python 2.7 has been removed.
- Support for Python 3.4 has been removed.
- Support for Python 3.5 has been removed.
- Support for PyPy (Python 2.7 compatible) has been removed.
- Support for Python 3.8 has been added.
- Receiving DATA before HEADERS now raises a ProtocolError (see https://tools.ietf.org/html/rfc7540#section-8.1)

3.2.0

------------------

Bugfixes
~~~~~~~~

- Receiving DATA frames on closed (or reset) streams now properly emit a
WINDOW_UPDATE to keep the connection flow window topped up.

API Changes (Backward-Incompatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ``h2.config.logger`` now uses a `trace(...)` function, in addition
to `debug(...)`. If you defined a custom logger object, you need to handle
these new function calls.

3.1.1

------------------

Bugfixes
~~~~~~~~

- Ignore WINDOW_UPDATE and RST_STREAM frames received after stream
closure.

3.1.0

------------------

API Changes (Backward-Incompatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ``h2.connection.H2Connection.data_to_send`` first and only argument ``amt``
was renamed to ``amount``.
- Support for Python 3.3 has been removed.

API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- ``h2.connection.H2Connection.send_data`` now supports ``data`` parameter
being a ``memoryview`` object.
- Refactor ping-related events: a ``h2.events.PingReceived`` event is fired
when a PING frame is received and a ``h2.events.PingAckReceived`` event is
fired when a PING frame with an ACK flag is received.
``h2.events.PingAcknowledged`` is deprecated in favour of the identical
``h2.events.PingAckReceived``.
- Added ``ENABLE_CONNECT_PROTOCOL`` to ``h2.settings.SettingCodes``.
- Support ``CONNECT`` requests with a ``:protocol`` pseudo header
thereby supporting RFC 8441.
- A limit to the number of closed streams kept in memory by the
connection is applied. It can be configured by
``h2.connection.H2Connection.MAX_CLOSED_STREAMS``.

Bugfixes
~~~~~~~~

- Debug logging when stream_id is None is now fixed and no longer errors.

3.0.1

------------------

Bugfixes
~~~~~~~~

- CONTINUATION frames sent on closed streams previously caused stream errors
of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
errors of type PROTOCOL_ERROR, and so this release changes to match that
behaviour.
- Remote peers incrementing their inbound connection window beyond the maximum
allowed value now cause stream-level errors, rather than connection-level
errors, allowing connections to stay up longer.
- h2 now rejects receiving and sending request header blocks that are missing
any of the mandatory pseudo-header fields (:path, :scheme, and :method).
- h2 now rejects receiving and sending request header blocks that have an empty
:path pseudo-header value.
- h2 now rejects receiving and sending request header blocks that contain
response-only pseudo-headers, and vice versa.
- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
local setting, and ensures that if users shrink or increase the header
table size it is policed appropriately.

Page 1 of 7

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.