Releases: h3js/h3
Releases · h3js/h3
v1.15.11
v2.0.1-rc.20
💅 Refactors
📦 Build
v2.0.1-rc.19
🩹 Fixes
- body: Enforce stream-based body size check regardless of content-length header (708a3aa)
💅 Refactors
- Upgrade cookie-es to v3 (9d244a7)
📖 Documentation
- Remove
await-thenablelint rule and fix invalidawaitusage (#1353)
📦 Build
- Move docs to dist (e87ceca)
❤️ Contributors
- Pooya Parsa (@pi0)
- Nick Spaargaren (@nickspaargaren)
Contributors
pi0 and nickspaargaren
Assets 2
v1.15.10
🩹 Fixes
- Preserve percent-encoded req.url in app event handler (#1355)
❤️ Contributors
- Sergio Azócar (@sergioazoc)
Contributors
sergioazoc
Assets 2
v2.0.1-rc.18
🩹 Fixes
v2.0.1-rc.17
🚀 Enhancements
🩹 Fixes
- cors: Preserve CORS headers on error responses (#1352)
- sse: Mark writer as closed on write failure (#1322)
- request: Include
Allowheader in 405 response (#1314) - sse: Sanitize carriage returns in event stream data and comments (79cabe3)
- mount: Normalize percent-encoded pathname in
requestWithBaseURL(0295f90) - static: Prevent path traversal via double-encoded dot segments (8e9993f)
- mount: Enforce path segment boundary in
startsWithcheck (7ccc9e2)
📖 Documentation
🏡 Chore
- Enable type-aware linting with oxc-lint (#1349)
❤️ Contributors
- Pooya Parsa (@pi0)
- Wind (@productdevbook)
- Terminal Chai (@terminalchai)
- Nick Spaargaren (@nickspaargaren)
- Gabriel Trzimajewski (@Sn0wye)
Contributors
pi0, nickspaargaren, and 3 other contributors
Assets 2
v1.15.9
v1.15.8
v1.15.7
🩹 Fixes
- static: Narrow path traversal check to match
..as a path segment only (c049dc0) - app: Decode percent-encoded path segments to prevent auth bypass (313ea52)
💅 Refactors
- Remove implicit event handler conversion warning (#1340)
❤️ Contributors
- Pooya Parsa (@pi0)
- Wind (@productdevbook)
Contributors
pi0 and productdevbook
Assets 2
v2.0.1-rc.16
📦 Dependencies
- Update rou3 to 0.8 (4701dc4) (release notes)
- Update srvx to 0.11.9 (05959e38) (release notes)