1.4.0 – 2020-04-07

Security

  • Prevent users from receiving an invalid authority parsed from a malicious URL. Previously we did not stop parsing the authority section at the first backslash (\\) character. As a result, it was possible to trick our parser into parsing up to the first forward-slash (/) and thus generating an invalid authority.

    See also GitHub pr-64 and the blog post that sparked this change

Bug Fixes and Features

  • Add from_uri to URIBuilder to allow creation of a URIBuilder from an existing URI.

    See also GitHub pr-63

  • Fix a typographical error in our documentation.

    See also GitHub pr-61