Skip to content

Releases: reactphp/http

v1.11.0

20 Nov 15:26
Compare
Choose a tag to compare
  • Feature: Improve PHP 8.4+ support by avoiding implicitly nullable types.
    (#537 by @clue)

  • Feature: Allow underscore character in Uri host.
    (#524 by @lulhum)

  • Improve test suite to fix expected error code when ext-sockets is not enabled.
    (#539 by @WyriHaximus)

v1.10.0

27 Mar 17:25
Compare
Choose a tag to compare
  • Feature: Add new PSR-7 implementation and remove dated RingCentral PSR-7 dependency.
    (#518, #519, #520 and #522 by @clue)

    This changeset allows us to maintain our own PSR-7 implementation and reduce
    dependencies on external projects. It also improves performance slightly and
    does not otherwise affect our public API. If you want to explicitly install
    the old RingCentral PSR-7 dependency, you can still install it like this:

    composer require ringcentral/psr7
  • Feature: Add new Uri class for new PSR-7 implementation.
    (#521 by @clue)

  • Feature: Validate outgoing HTTP message headers and reject invalid messages.
    (#523 by @clue)

  • Feature: Full PHP 8.3 compatibility.
    (#508 by @clue)

  • Fix: Fix HTTP client to omit Transfer-Encoding: chunked when streaming empty request body.
    (#516 by @clue)

  • Fix: Ensure connection close handler is cleaned up for each request.
    (#515 by @WyriHaximus)

  • Update test suite and avoid unhandled promise rejections.
    (#501 and #502 by @clue)

v1.9.0

26 Apr 10:32
Compare
Choose a tag to compare

This is a SECURITY and feature release for the 1.x series of ReactPHP's HTTP component.

  • Security fix: This release fixes a medium severity security issue in ReactPHP's HTTP server component
    that affects all versions between v0.8.0 and v1.8.0. All users are encouraged to upgrade immediately.
    (CVE-2023-26044 reported and fixed by @WyriHaximus)

  • Feature: Support HTTP keep-alive for HTTP client (reusing persistent connections).
    (#481, #484, #486 and #495 by @clue)

    This feature offers significant performance improvements when sending many
    requests to the same host as it avoids recreating the underlying TCP/IP
    connection and repeating the TLS handshake for secure HTTPS requests.

    $browser = new React\Http\Browser();
    
    // Up to 300% faster! HTTP keep-alive is enabled by default
    $response = React\Async\await($browser->get('https://httpbingo.org/redirect/6'));
    assert($response instanceof Psr\Http\Message\ResponseInterface);
  • Feature: Add Request class to represent outgoing HTTP request message.
    (#480 by @clue)

  • Feature: Preserve request method and body for 307 Temporary Redirect and 308 Permanent Redirect.
    (#442 by @dinooo13)

  • Feature: Include buffer logic to avoid dependency on reactphp/promise-stream.
    (#482 by @clue)

  • Improve test suite and project setup and report failed assertions.
    (#478 by @clue, #487 and #491 by @WyriHaximus and #475 and #479 by @SimonFrings)

v1.8.0

29 Sep 12:57
Compare
Choose a tag to compare
  • Feature: Support for default request headers.
    (#461 by @51imyy)

    $browser = new React\Http\Browser();
    $browser = $browser->withHeader('User-Agent', 'ACME');
    
    $browser->get($url)->then(…);
  • Feature: Forward compatibility with upcoming Promise v3.
    (#460 by @clue)

v1.7.0

23 Aug 12:33
Compare
Choose a tag to compare

This is a SECURITY and feature release for the 1.x series of ReactPHP's HTTP component.

  • Security fix: This release fixes a medium severity security issue in ReactPHP's HTTP server component
    that affects all versions between v0.7.0 and v1.6.0. All users are encouraged to upgrade immediately.
    Special thanks to Marco Squarcina (TU Wien) for reporting this and working with us to coordinate this release.
    (CVE-2022-36032 reported by @lavish and fixed by @clue)

  • Feature: Improve HTTP server performance by ~20%, reuse syscall values for clock time and socket addresses.
    (#457 and #467 by @clue)

  • Feature: Full PHP 8.2+ compatibility, refactor internal Transaction to avoid assigning dynamic properties.
    (#459 by @clue and #466 by @WyriHaximus)

  • Feature / Fix: Allow explicit Content-Length response header on HEAD requests.
    (#444 by @mrsimonbennett)

  • Minor documentation improvements.
    (#452 by @clue, #458 by @nhedger, #448 by @jorrit and #446 by @SimonFrings)

  • Improve test suite, update to use new reactphp/async package instead of clue/reactphp-block,
    skip memory tests when lowering memory limit fails and fix legacy HHVM build.
    (#464 and #440 by @clue and #450 by @SimonFrings)

v1.6.0

03 Feb 13:18
Compare
Choose a tag to compare
  • Feature: Add factory methods for common HTML/JSON/plaintext/XML response types.
    (#439 by @clue)

    $response = React\Http\Response\html("<h1>Hello wörld!</h1>\n");
    $response = React\Http\Response\json(['message' => 'Hello wörld!']);
    $response = React\Http\Response\plaintext("Hello wörld!\n");
    $response = React\Http\Response\xml("<message>Hello wörld!</message>\n");
  • Feature: Expose all status code constants via Response class.
    (#432 by @clue)

    $response = new React\Http\Message\Response(
        React\Http\Message\Response::STATUS_OK, // 200 OK
        …
    );
    $response = new React\Http\Message\Response(
        React\Http\Message\Response::STATUS_NOT_FOUND, // 404 Not Found
        …
    );
  • Feature: Full support for PHP 8.1 release.
    (#433 by @SimonFrings and #434 by @clue)

  • Feature / Fix: Improve protocol handling for HTTP responses with no body.
    (#429 and #430 by @clue)

  • Internal refactoring and internal improvements for handling requests and responses.
    (#422 by @WyriHaximus and #431 by @clue)

  • Improve documentation, update proxy examples, include error reporting in examples.
    (#420, #424, #426, and #427 by @clue)

  • Update test suite to use default loop.
    (#438 by @clue)

v1.5.0

04 Aug 12:26
Compare
Choose a tag to compare
  • Feature: Update Browser signature to take optional $connector as first argument and
    to match new Socket API without nullable loop arguments.
    (#418 and #419 by @clue)

    // unchanged
    $browser = new React\Http\Browser();
    
    // deprecated
    $browser = new React\Http\Browser(null, $connector);
    $browser = new React\Http\Browser($loop, $connector);
    
    // new
    $browser = new React\Http\Browser($connector);
    $browser = new React\Http\Browser($connector, $loop);
  • Feature: Rename Server to HttpServer to avoid class name collisions and
    to avoid any ambiguities with regards to the new SocketServer API.
    (#417 and #419 by @clue)

    // deprecated
    $server = new React\Http\Server($handler);
    $server->listen(new React\Socket\Server(8080));
    
    // new
    $http = new React\Http\HttpServer($handler);
    $http->listen(new React\Socket\SocketServer('127.0.0.1:8080'));

v1.4.0

11 Jul 13:04
Compare
Choose a tag to compare

A major new feature release, see release announcement.

  • Feature: Simplify usage by supporting new default loop.
    (#410 by @clue)

    // old (still supported)
    $browser = new React\Http\Browser($loop);
    $server = new React\Http\Server($loop, $handler);
    
    // new (using default loop)
    $browser = new React\Http\Browser();
    $server = new React\Http\Server($handler);

v1.3.0

11 Apr 18:11
Compare
Choose a tag to compare
  • Feature: Support persistent connections (Connection: keep-alive).
    (#405 by @clue)

    This shows a noticeable performance improvement especially when benchmarking
    using persistent connections (which is the default pretty much everywhere).
    Together with other changes in this release, this improves benchmarking
    performance by around 100%.

  • Feature: Require Host request header for HTTP/1.1 requests.
    (#404 by @clue)

  • Minor documentation improvements.
    (#398 by @fritz-gerneth and #399 and #400 by @pavog)

  • Improve test suite, use GitHub actions for continuous integration (CI).
    (#402 by @SimonFrings)

v1.2.0

04 Dec 13:07
Compare
Choose a tag to compare
  • Feature: Keep request body in memory also after consuming request body.
    (#395 by @clue)

    This means consumers can now always access the complete request body as
    detailed in the documentation. This allows building custom parsers and more
    advanced processing models without having to mess with the default parsers.