Releases: devAlphaSystem/NLcURL
Releases · devAlphaSystem/NLcURL
Release list
v0.15.0
Added
- Added session-level configurations and connection-time validation to block private and reserved IP addresses for SSRF and DNS-rebinding protection.
- Added absolute decompression limits to prevent memory exhaustion from zip-bomb attacks.
Changed
- Updated the Public Suffix List rules and deferred trie construction to first use to reduce startup overhead.
- Optimized performance of HPACK Huffman encoding, HTTP/2 buffer allocations, and WebSocket payload masking.
Fixed
- Fixed vulnerabilities in TLS intermediate certificate chain validation by strictly enforcing CA status and validity checks.
- Prevented HTTP request smuggling by automatically discarding Content-Length headers when chunked Transfer-Encoding is active.
- Fixed caching behavior to properly serve fresh cached responses and accurately calculate elapsed age.
v0.14.0
Added
- Updated the Public Suffix List with new domain rules.
Changed
- Enhanced the test retry mechanism to handle transient 5xx server errors and a broader range of network failure codes.
- Refactored live tests to use centralized retry-wrapped request utilities for improved stability.
Removed
- Removed various unused internal functions, types, and constants across the DNS, HTTP, and TLS modules.
- Deleted the obsolete test helper utility file.
Fixed
- Fixed potential resource leaks in integration tests by ensuring sessions are properly closed.
v0.13.0
Added
- Added a link to the official external documentation website.
Removed
- Removed local documentation files in favor of the new external documentation site.
- Removed several features including DNS-over-TLS, Circuit Breaker, TCP Fast Open, and resumable uploads.
- Removed advanced TLS utilities for OCSP stapling, Certificate Transparency, and Early Data.
- Removed specialized caching modules for range requests, dictionary transport, and cache groups.
v0.12.2
Fixed
- Included the response body in the session data object.
v0.12.1
Changed
- Updated ECH GREASE extension to use random data for improved browser impersonation.
Fixed
- Resolved TLS handshake failures by adding support for fragmented messages and mid-stream CHANGE_CIPHER_SPEC records.
v0.12.0
Added
- Added support for Extended Master Secret (RFC 7627) and seamless TLS 1.2 fallback to the stealth engine.
- Added Application Layer Protocol Settings (ALPS) negotiation support.
- Added a comprehensive suite of live network tests to validate real-world impersonation and anti-bot bypass.
- Added support for routing plain HTTP requests through the stealth engine transport.
Changed
- Enhanced stealth engine reliability by implementing a buffered handshake record reader to prevent data loss.
- Updated the protocol negotiator to provide detailed TLS metadata in request responses.
Fixed
- Fixed encoding errors in SNI, ALPS, and ECH GREASE TLS extensions to improve fingerprint accuracy.
- Fixed ClientHello padding logic for specific message size ranges to ensure consistent browser impersonation.
- Fixed potential crashes and security issues in DNS response parsing for truncated packets.
- Corrected TLS 1.3 KeyUpdate procedures to ensure valid encryption during key rotation.
- Resolved protocol semantic issues in TLS 1.2 handshakes regarding sequence numbers and record types.
v0.11.0
Added
- Added SSRF protection features to block requests to private IP addresses and dangerous ports.
- Added validation for WebSocket close codes and custom header characters.
- Added caching for Cache-Control parsing, Public Suffix List lookups, and TLS fingerprints to improve performance.
- Added support for the QUERY HTTP method.
- Added a new comprehensive test suite with integrated helpers.
Changed
- Improved performance of cookie storage, DNS name encoding, and response parsing through new indexing and buffering strategies.
- Optimized memory usage by implementing limits on internal authentication and fingerprint caches.
- Refactored LRU eviction logic across cache and connection pool modules for better efficiency.
- Updated the Public Suffix List rules.
- Enhanced proxy authentication parsing in the CLI to support credentials containing special characters.
Removed
- Removed legacy integration testing infrastructure and redundant unit test files.
Fixed
- Fixed inaccurate first-byte timing measurements in HTTP/2 requests.
- Fixed a bug in the connection pool where empty origins were not properly evicted.
v0.10.0
Added
- Added an EventSource-compatible SSE client with automatic reconnection and state tracking.
- Added support for Subresource Integrity (SRI) verification using SHA-256, SHA-384, and SHA-512.
- Added a W3C-compliant Referrer-Policy implementation for automated Referer header handling.
- Added support for Negotiate and NTLM authentication types.
- Added CSRF protection via automated cookie-to-header token injection.
- Added JSON serialization for HSTS and Alt-Svc stores to enable disk persistence.
- Added support for HTTP/1.1 103 Early Hints.
Changed
- Hardened security by stripping sensitive headers on HTTPS-to-HTTP redirects and rejecting embedded URL credentials.
- Updated the CookieJar to exclude httpOnly cookies by default and enforce stricter validation on Netscape imports.
- Improved HTTP/2 compliance by enforcing header list limits and filtering forbidden connection-specific headers.
- Updated Digest authentication to support the auth-int quality of protection (qop).
Fixed
- Implemented protections against decompression bombs and excessive certificate chain depths.
- Fixed potential stream corruption in HTTP/1.1 chunked encoding writes.
- Corrected WebSocket handshake requests to include the standard Origin header.
- Added detection for ambiguous or conflicting Location headers during redirects.
v0.9.0
Added
- Added support for Digest (RFC 7616) and AWS Signature V4 authentication schemes.
- Implemented a per-origin circuit breaker to prevent cascading failures.
- Added security features for SSRF protection, including private IP and dangerous port blocking.
- Introduced DNS rebinding protection and EDNS(0) with padding support for improved privacy.
- Added support for TLS 1.3 session resumption via PSK, HelloRetryRequest, and post-handshake key updates.
- Added native streaming request body support for HTTP/1.1 using chunked transfer encoding.
Changed
- Improved HTTP caching compliance with RFC 9111, adding multi-variant Vary and Age header support.
- Enhanced cookie security with SameSite enforcement and RFC 6265bis requirement compliance.
- Hardened HTTP/2 and HTTP/1.1 implementations with better resource limits and protection against header smuggling.
- Strengthened WebSocket and Server-Sent Events parsers for stricter standards compliance and UTF-8 validation.
Removed
- Removed all logic and error handling related to HTTP/3 (QUIC) detection.
Fixed
- Fixed potential memory exhaustion vulnerabilities in HPACK and header parsers.
- Fixed validation issues when handling mismatched Content-Length headers in outgoing requests.
v0.8.0
Added
- Implemented JA4 fingerprinting and post-quantum (PQ) key share support for browser profiles.
- Added support for TLS 1.3 Early Data (0-RTT), TCP Fast Open (TFO), and SSLKEYLOGFILE key logging.
- Implemented OCSP stapling and Certificate Transparency (SCT) validation.
- Added resumable file uploads, shared dictionary compression transport, and request body compression.
- Introduced a DNS-over-TLS (DoT) resolver and a TTL-aware internal DNS cache.
- Added support for the HTTP QUERY method, 103 Early Hints, and HTTP trailer headers.
- Implemented HTTP Digest proxy authentication and support for the Retry-After header.
- Added cache key grouping, partial content (byte-range) caching, and No-Vary-Search support.
Changed
- Extensively overhauled and expanded the project documentation suite.
- Updated the response model to include TLS version, cipher, and ALPN protocol metadata.
- Refactored the internal caching architecture and integrated DNS caching into the DoH resolver.
Removed
- Removed the standalone architecture documentation file.