mod-h2 v2.0.30

• Fixed bug in handling over long response headers. When the 64 KB limit
  of nghttp2 was exceeded, the request was not reset and the client was
  left hanging, waiting for it. Now the stream is reset.
• Added new directive H2MaxHeaderBlockLen to set the limit on response
  header sizes.
• Fixed handling of Timeout vs. KeepAliveTimeout when first request on a
  connection was reset.

mod-h2 v2.0.29

• fixed a compiler warning about an unused static var when AP_MPMQ_CAN_WAITIO is not defined.

mod-h2 v2.0.28

• When HTTP/2 flow controls blocks further writes, return processing to an
  async mpm to free a worker thread. The connection needs window updates from
  the client in such a case and can leave monitoring the socket to the mpm.
  So far, only effective on Apache httpd 2.5.0 (trunk).
  [ylavic, icing]
• Backport fix of CVE-2024-36387 from Apache 2.4.60.

mod-h2 v2.0.27

• Added cmake support provided by @jfclere. Many thanks.
• Improved handling of excess request headers to lead to an early stream reset.

mod_h2 v2.0.26

• Fixed Date header on requests upgraded from HTTP/1.1 (h2c). Fixes #272.
• Fixed small memory leak in h2 header bucket free. Thanks to
  Michael Kaufmann for finding this and providing the fix.

mod_h2 v2.0.25

• Fixed a bug that prevented immediate memory release of reset streams
  on rare occasions. Memory was reclaimed instead at connection close.
  This could be exploited, unless nghttp2 v1.57.0 is used, in a variation
  of the Rapid Reset attack. Apache httpd issued CVE-2023-45802 for this.
• Synchronized with Apache httpd svn trunk

mod_h2 v2.0.24

• fixed a compile time issue for Windows builds.

mod_h2 v2.0.23

• Improved timeout handling for streams that are sending response data.
• mod_proxy_http2: fix X-Forward-Host header to carry the correct value.
  refs https://bz.apache.org/bugzilla/show_bug.cgi?id=66752.

mod_h2 v2.0.22

• Added support for bootstrapping WebSockets via HTTP/2, as described in
  RFC 8441.
• A new directive 'H2WebSockets on|off' has been added. The feature is
  disabled by default for compatibility reasons.
• In Apache httpd development trunk (e.g. version 2.5.x) it is possible to use
  this with the proxy module to reverse proxy to a backend WebSockets server.
  This requires some new internal plumbing code in the server for getting I/O
  events on the HTTP/2 stream serving the connection.
  This "plumbing" is planned to be ported back into Apache 2.4.58.
• For implementors of Apache modules using WebSockets, mod_h2 offers an
  optional function that provides an alternative to "older" Apache versions.
  See http2_get_pollfd_from_conn, declared in mod_http2.h.

mod_h2 v2.0.21

• The reporting of Total Accesses in the server-status page was fixed. It
  counted HTTP/2 requests twice. Test case added for this. Fixes PR 66801.
• New directive H2ProxyRequests on|off to enable handling of HTTP/2 requests
  in a forward proxy configuration. In addition to ProxyRequests for
  HTTP/1.1. Set both directives to on to allow both HTTP versions.
• Fixed an inconsistency in main connection io state after the connection
  write encountered an error. Related to PR 66649.