v0.43.1

Full Changelog: v0.43.0...v0.43.1

v0.43.0

What's Changed

• Removed deprecated APIs by @yhirose in #2423
• fix: cast len to 64 bits before right shift in ws by @Tachi107 in #2426
• fix #2429 by @Kukodam in #2430
• Fix #2427 by @yhirose in #2428

New Contributors

• @Kukodam made their first contribution in #2430

Full Changelog: v0.42.0...v0.43.0

v0.42.0

What's Changed

• test: WebSocketIntegrationTest.SocketSettings: do not set AF_INET by @jirislaby in #2420

New Contributors

• @jirislaby made their first contribution in #2420

Full Changelog: v0.41.0...v0.42.0

v0.41.0

• Replace httplib::any / std::map<std::string, httplib::any> based res.user_data with a new type-safe UserData class that provides set() / get<T>() API by @yhirose (Fix #2416)
• Add parse_url utility function with UrlComponents struct for parsing URLs into scheme, host, port, path, and query components by @yhirose
• [cmake] Allow using pre-existing zstd::libzstd target if it already exists, useful for projects that bundle their own zstd by @crueter in #2390
• Add header parser and URL parser fuzzers for OSS-Fuzz coverage improvement by @DavidKorczynski in #2412

v0.40.0

• Optimize multipart content provider to coalesce small writes and reduce TCP packet fragmentation by
  @yhirose in #2410
• Add set_socket_opt function and corresponding test for TCP_NODELAY option by @yhirose in
  #2411
• Implement request body consumption and reject invalid Content-Length with Transfer-Encoding to prevent
  request smuggling by @yhirose
• Fixed warnings by @yhirose

v0.39.0

What's Changed

• [cmake] Update modules.cmake to fix cmake error by @v-nam in #2393
• "Building a Desktop LLM App with cpp-httplib" by @yhirose in #2403

v0.38.0

Security Enhancements

• Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
• Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

New Features

• Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)
• Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
• SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
• WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

Improvements

• Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)
• Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)
• Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

Bug Fixes

• Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

Internal / Test Changes

• Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)
• Enabled BindDualStack test (69d468f)

v0.37.2

What's Changed

• Fix TLS cert verification bypass on proxy redirect introduced in #2165 by @yhirose in #2396
• Various security fixes

v0.37.1

What's Changed

• Remove 32-bit limitation by @yhirose in #2388

v0.37.0

• Use doc.yml to generate document site a058e31
• Fix problem with alternate file name check de296af