Skip to content

Releases: devAlphaSystem/NLcURL

v0.15.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 06 Jul 03:58

Added

  • Added session-level configurations and connection-time validation to block private and reserved IP addresses for SSRF and DNS-rebinding protection.
  • Added absolute decompression limits to prevent memory exhaustion from zip-bomb attacks.

Changed

  • Updated the Public Suffix List rules and deferred trie construction to first use to reduce startup overhead.
  • Optimized performance of HPACK Huffman encoding, HTTP/2 buffer allocations, and WebSocket payload masking.

Fixed

  • Fixed vulnerabilities in TLS intermediate certificate chain validation by strictly enforcing CA status and validity checks.
  • Prevented HTTP request smuggling by automatically discarding Content-Length headers when chunked Transfer-Encoding is active.
  • Fixed caching behavior to properly serve fresh cached responses and accurately calculate elapsed age.

v0.14.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 08 Apr 11:59

Added

  • Updated the Public Suffix List with new domain rules.

Changed

  • Enhanced the test retry mechanism to handle transient 5xx server errors and a broader range of network failure codes.
  • Refactored live tests to use centralized retry-wrapped request utilities for improved stability.

Removed

  • Removed various unused internal functions, types, and constants across the DNS, HTTP, and TLS modules.
  • Deleted the obsolete test helper utility file.

Fixed

  • Fixed potential resource leaks in integration tests by ensuring sessions are properly closed.

v0.13.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 06 Apr 03:39

Added

  • Added a link to the official external documentation website.

Removed

  • Removed local documentation files in favor of the new external documentation site.
  • Removed several features including DNS-over-TLS, Circuit Breaker, TCP Fast Open, and resumable uploads.
  • Removed advanced TLS utilities for OCSP stapling, Certificate Transparency, and Early Data.
  • Removed specialized caching modules for range requests, dictionary transport, and cache groups.

v0.12.2

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 28 Mar 01:55

Fixed

  • Included the response body in the session data object.

v0.12.1

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 22 Mar 13:00

Changed

  • Updated ECH GREASE extension to use random data for improved browser impersonation.

Fixed

  • Resolved TLS handshake failures by adding support for fragmented messages and mid-stream CHANGE_CIPHER_SPEC records.

v0.12.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 21 Mar 21:28

Added

  • Added support for Extended Master Secret (RFC 7627) and seamless TLS 1.2 fallback to the stealth engine.
  • Added Application Layer Protocol Settings (ALPS) negotiation support.
  • Added a comprehensive suite of live network tests to validate real-world impersonation and anti-bot bypass.
  • Added support for routing plain HTTP requests through the stealth engine transport.

Changed

  • Enhanced stealth engine reliability by implementing a buffered handshake record reader to prevent data loss.
  • Updated the protocol negotiator to provide detailed TLS metadata in request responses.

Fixed

  • Fixed encoding errors in SNI, ALPS, and ECH GREASE TLS extensions to improve fingerprint accuracy.
  • Fixed ClientHello padding logic for specific message size ranges to ensure consistent browser impersonation.
  • Fixed potential crashes and security issues in DNS response parsing for truncated packets.
  • Corrected TLS 1.3 KeyUpdate procedures to ensure valid encryption during key rotation.
  • Resolved protocol semantic issues in TLS 1.2 handshakes regarding sequence numbers and record types.

v0.11.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 10 Mar 15:07

Added

  • Added SSRF protection features to block requests to private IP addresses and dangerous ports.
  • Added validation for WebSocket close codes and custom header characters.
  • Added caching for Cache-Control parsing, Public Suffix List lookups, and TLS fingerprints to improve performance.
  • Added support for the QUERY HTTP method.
  • Added a new comprehensive test suite with integrated helpers.

Changed

  • Improved performance of cookie storage, DNS name encoding, and response parsing through new indexing and buffering strategies.
  • Optimized memory usage by implementing limits on internal authentication and fingerprint caches.
  • Refactored LRU eviction logic across cache and connection pool modules for better efficiency.
  • Updated the Public Suffix List rules.
  • Enhanced proxy authentication parsing in the CLI to support credentials containing special characters.

Removed

  • Removed legacy integration testing infrastructure and redundant unit test files.

Fixed

  • Fixed inaccurate first-byte timing measurements in HTTP/2 requests.
  • Fixed a bug in the connection pool where empty origins were not properly evicted.

v0.10.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 09 Mar 20:44

Added

  • Added an EventSource-compatible SSE client with automatic reconnection and state tracking.
  • Added support for Subresource Integrity (SRI) verification using SHA-256, SHA-384, and SHA-512.
  • Added a W3C-compliant Referrer-Policy implementation for automated Referer header handling.
  • Added support for Negotiate and NTLM authentication types.
  • Added CSRF protection via automated cookie-to-header token injection.
  • Added JSON serialization for HSTS and Alt-Svc stores to enable disk persistence.
  • Added support for HTTP/1.1 103 Early Hints.

Changed

  • Hardened security by stripping sensitive headers on HTTPS-to-HTTP redirects and rejecting embedded URL credentials.
  • Updated the CookieJar to exclude httpOnly cookies by default and enforce stricter validation on Netscape imports.
  • Improved HTTP/2 compliance by enforcing header list limits and filtering forbidden connection-specific headers.
  • Updated Digest authentication to support the auth-int quality of protection (qop).

Fixed

  • Implemented protections against decompression bombs and excessive certificate chain depths.
  • Fixed potential stream corruption in HTTP/1.1 chunked encoding writes.
  • Corrected WebSocket handshake requests to include the standard Origin header.
  • Added detection for ambiguous or conflicting Location headers during redirects.

v0.9.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 09 Mar 16:26

Added

  • Added support for Digest (RFC 7616) and AWS Signature V4 authentication schemes.
  • Implemented a per-origin circuit breaker to prevent cascading failures.
  • Added security features for SSRF protection, including private IP and dangerous port blocking.
  • Introduced DNS rebinding protection and EDNS(0) with padding support for improved privacy.
  • Added support for TLS 1.3 session resumption via PSK, HelloRetryRequest, and post-handshake key updates.
  • Added native streaming request body support for HTTP/1.1 using chunked transfer encoding.

Changed

  • Improved HTTP caching compliance with RFC 9111, adding multi-variant Vary and Age header support.
  • Enhanced cookie security with SameSite enforcement and RFC 6265bis requirement compliance.
  • Hardened HTTP/2 and HTTP/1.1 implementations with better resource limits and protection against header smuggling.
  • Strengthened WebSocket and Server-Sent Events parsers for stricter standards compliance and UTF-8 validation.

Removed

  • Removed all logic and error handling related to HTTP/3 (QUIC) detection.

Fixed

  • Fixed potential memory exhaustion vulnerabilities in HPACK and header parsers.
  • Fixed validation issues when handling mismatched Content-Length headers in outgoing requests.

v0.8.0

Choose a tag to compare

@devAlphaSystem devAlphaSystem released this 08 Mar 22:39

Added

  • Implemented JA4 fingerprinting and post-quantum (PQ) key share support for browser profiles.
  • Added support for TLS 1.3 Early Data (0-RTT), TCP Fast Open (TFO), and SSLKEYLOGFILE key logging.
  • Implemented OCSP stapling and Certificate Transparency (SCT) validation.
  • Added resumable file uploads, shared dictionary compression transport, and request body compression.
  • Introduced a DNS-over-TLS (DoT) resolver and a TTL-aware internal DNS cache.
  • Added support for the HTTP QUERY method, 103 Early Hints, and HTTP trailer headers.
  • Implemented HTTP Digest proxy authentication and support for the Retry-After header.
  • Added cache key grouping, partial content (byte-range) caching, and No-Vary-Search support.

Changed

  • Extensively overhauled and expanded the project documentation suite.
  • Updated the response model to include TLS version, cipher, and ALPN protocol metadata.
  • Refactored the internal caching architecture and integrated DNS caching into the DoH resolver.

Removed

  • Removed the standalone architecture documentation file.