History of changes

v0.12.0 (2021-01-01)


  • Added support for servers with broken line endings.

    After this change h11 accepts both \r\n and \n as a headers delimiter. (#7)

  • Add early detection of invalid http data when request line starts with binary (#122)

Deprecations and Removals

  • Python 2.7 and PyPy 2 support is removed. h11 now requires Python>=3.6 including PyPy 3. Users running pip install h11 on Python 2 will automatically get the last Python 2-compatible version. (#114)

v0.11.0 (2020-10-05)

New features:

  • h11 now stores and makes available the raw header name as received. In addition h11 will write out header names with the same casing as passed to it. This allows compatibility with systems that expect titlecased header names. See #31.
  • Multiple content length headers are now merged into a single header if all the values are equal, if any are unequal a LocalProtocol error is raised (as before). See #92.

Backwards incompatible changes:

  • Headers added by h11, rather than passed to it, now have titlecased names. Whilst this should help compatibility it replaces the previous lowercased header names.

v0.10.0 (2020-08-14)

Other changes:

  • Drop support for Python 3.4.
  • Support Python 3.8.
  • Make error messages returned by match failures less ambiguous (#98).

v0.9.0 (2019-05-15)

Bug fixes:

  • Allow a broader range of characters in header values. This violates the RFC, but is apparently required for compatibility with real-world code, like Google Analytics cookies (#57, #58).
  • Validate incoming and outgoing request paths for invalid characters. This prevents a variety of potential security issues that have affected other HTTP clients. (#69).
  • Force status codes to be integers, thereby allowing stdlib HTTPStatus IntEnums to be used when constructing responses (#72).

Other changes:

  • Make all sentinel values inspectable by IDEs, and split SEND_BODY_DONE into SEND_BODY, and DONE (#75).
  • Drop support for Python 3.3.
  • LocalProtocolError raised in start_next_cycle now shows states for more informative errors (#80).

v0.8.1 (2018-04-14)

Bug fixes:

  • Always return headers as bytes objects (#60)

Other changes:

  • Added proper license notices to the Javascript used in our documentation (#61)

v0.8.0 (2018-03-20)

Backwards incompatible changes:

  • h11 now performs stricter validation on outgoing header names and header values: illegal characters are now rejected (example: you can’t put a newline into an HTTP header), and header values with leading/trailing whitespace are also rejected (previously h11 would silently discard the whitespace). All these checks were already performed on incoming headers; this just extends that to outgoing headers.

New features:

Bug fixes:

  • Make sure that when computing the framing headers for HEAD responses, we produce the same results as we would for the corresponding GET.
  • Error out if a request has multiple Host: headers.
  • Send the Host: header first, as recommended by RFC 7230.
  • The Expect: header is case-insensitive, so use case-insensitive matching when looking for 100-continue.

Other changes:

  • Better error messages in several cases.
  • Provide correct error_status_hint in exception raised when encountering an invalid Transfer-Encoding header.
  • For better compatibility with broken servers, h11 now tolerates responses where the reason phrase is missing (not just empty).
  • Various optimizations and documentation improvements.

v0.7.0 (2016-11-25)

New features (backwards compatible):

Bug fixes:

  • Fix the error message given when a call to an event constructor is missing a required keyword argument (issue #14).
  • Fixed encoding of empty Data events (Data(data=b"")) when using chunked encoding (issue #21).

v0.6.0 (2016-10-24)

This is the first release since we started using h11 to write non-trivial server code, and this experience triggered a number of substantial API changes.

Backwards incompatible changes:

  • Split the old receive_data() into the new receive_data() and next_event(), and replaced the old Paused pseudo-event with the new NEED_DATA and PAUSED sentinels.
  • Simplified the API by replacing the old Connection.state_of(), Connection.client_state, Connection.server_state with the new Connection.states.
  • Renamed the old prepare_to_reuse() to the new start_next_cycle().
  • Removed the Paused pseudo-event.

Backwards compatible changes:

  • State machine: added a DONE -> MUST_CLOSE transition triggered by our peer being in the ERROR state.
  • Split ProtocolError into LocalProtocolError and RemoteProtocolError (see Error handling). Use case: HTTP servers want to be able to distinguish between an error that originates locally (which produce a 500 status code) versus errors caused by remote misbehavior (which produce a 4xx status code).
  • Changed the PRODUCT_ID from h11/<verson> to python-h11/<version>. (This is similar to what requests uses, and much more searchable than plain h11.)

Other changes:

  • Added a minimal benchmark suite, and used it to make a few small optimizations (maybe ~20% speedup?).

v0.5.0 (2016-05-14)

  • Initial release.