H2

Latest version: v4.1.0

Safety actively analyzes 688944 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 7

3.0.0

------------------

API Changes (Backward-Incompatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- By default, hyper-h2 now joins together received cookie header fields, per
RFC 7540 Section 8.1.2.5.
- Added a ``normalize_inbound_headers`` flag to the ``H2Configuration`` object
that defaults to ``True``. Setting this to ``False`` changes the behaviour
from the previous point back to the v2 behaviour.
- Removed deprecated fields from ``h2.errors`` module.
- Removed deprecated fields from ``h2.settings`` module.
- Removed deprecated ``client_side`` and ``header_encoding`` arguments from
``H2Connection``.
- Removed deprecated ``client_side`` and ``header_encoding`` properties from
``H2Connection``.
- ``dict`` objects are no longer allowed for user-supplied headers.
- The default header encoding is now ``None``, not ``utf-8``: this means that
all events that carry headers now return those headers as byte strings by
default. The header encoding can be set back to ``utf-8`` to restore the old
behaviour.

API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Added new ``UnknownFrameReceived`` event that fires when unknown extension
frames have been received. This only fires when using hyperframe 5.0 or
later: earlier versions of hyperframe cause us to silently ignore extension
frames.

Bugfixes
~~~~~~~~

None

2.6.2

------------------

Bugfixes
~~~~~~~~

- CONTINUATION frames sent on closed streams previously caused stream errors
of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
errors of type PROTOCOL_ERROR, and so this release changes to match that
behaviour.
- Remote peers incrementing their inbound connection window beyond the maximum
allowed value now cause stream-level errors, rather than connection-level
errors, allowing connections to stay up longer.
- h2 now rejects receiving and sending request header blocks that are missing
any of the mandatory pseudo-header fields (:path, :scheme, and :method).
- h2 now rejects receiving and sending request header blocks that have an empty
:path pseudo-header value.
- h2 now rejects receiving and sending request header blocks that contain
response-only pseudo-headers, and vice versa.
- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
local setting, and ensures that if users shrink or increase the header
table size it is policed appropriately.

2.6.1

------------------

Bugfixes
~~~~~~~~

- Allowed hyperframe v5 support while continuing to ignore unexpected frames.

2.6.0

------------------

API Changes (Backward-Compatible)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Added a new ``h2.events.Event`` class that acts as a base class for all
events.
- Rather than reject outbound Connection-specific headers, h2 will now
normalize the header block by removing them.
- Implement equality for the ``h2.settings.Settings`` class.
- Added ``h2.settings.SettingCodes``, an enum that is used to store all the
HTTP/2 setting codes. This allows us to use a better printed representation of
the setting code in most places that it is used.
- The ``setting`` field in ``ChangedSetting`` for the ``RemoteSettingsChanged``
and ``SettingsAcknowledged`` events has been updated to be instances of
``SettingCodes`` whenever they correspond to a known setting code. When they
are an unknown setting code, they are instead ``int``. As ``SettingCodes`` is
a subclass of ``int``, this is non-breaking.
- Deprecated the other fields in ``h2.settings``. These will be removed in
3.0.0.
- Added an optional ``pad_length`` parameter to ``H2Connection.send_data``
to allow the user to include padding on a data frame.
- Added a new parameter to the ``h2.config.H2Configuration`` initializer which
takes a logger. This allows us to log by providing a logger that conforms
to the requirements of this module so that it can be used in different
environments.

Bugfixes
~~~~~~~~

- Correctly reject pushed request header blocks whenever they have malformed
request header blocks.
- Correctly normalize pushed request header blocks whenever they have
normalizable header fields.
- Remote peers are now allowed to send zero or any positive number as a value
for ``SETTINGS_MAX_HEADER_LIST_SIZE``, where previously sending zero would
raise a ``InvalidSettingsValueError``.
- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
upgrade that was emitted by ``initiate_upgrade_connection`` included the
*entire* ``SETTINGS`` frame, instead of just the payload.
- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
than have those settings applied appropriately.
- Resolved an issue whereby certain frames received from a peer in the CLOSED
state would trigger connection errors when RFC 7540 says they should have
triggered stream errors instead. Added more detailed stream closure tracking
to ensure we don't throw away connections unnecessarily.

2.5.4

------------------

Bugfixes
~~~~~~~~

- CONTINUATION frames sent on closed streams previously caused stream errors
of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
errors of type PROTOCOL_ERROR, and so this release changes to match that
behaviour.
- Remote peers incrementing their inbound connection window beyond the maximum
allowed value now cause stream-level errors, rather than connection-level
errors, allowing connections to stay up longer.
- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
local setting, and ensures that if users shrink or increase the header
table size it is policed appropriately.

2.5.3

------------------

Bugfixes
~~~~~~~~

- Allowed hyperframe v5 support while continuing to ignore unexpected frames.

Page 2 of 7

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.