| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-07-01 | 1.8 kB | |
| v3.58.0 Release source code.tar.gz | 2026-07-01 | 490.0 kB | |
| v3.58.0 Release source code.zip | 2026-07-01 | 582.4 kB | |
| Totals: 3 Items | 1.1 MB | 2 | |
New Features
- Add
SetTLSFingerprintSpecfor custom ClientHelloSpec support — accepts a*utls.ClientHelloSpecfor fine-grained TLS fingerprint customization (JA3/JA4). Closes [#477], [#478]. - Add
SensitiveHeadersRedirectPolicy— strips custom auth headers (e.g.X-API-Key,X-Auth-Token) on cross-domain redirects to prevent credential leakage (CWE-200). Fixes [#489]. - Port quic-go v0.59.0 — aligns with quic-go v0.59.0 breaking changes: removes deprecated
ConnectionTracingID/ConnectionTracingKey, removes stream hijacking API, replaceshandleUnidirectionalStreamswith per-stream callback, addsRawClientConnfor fine-grained stream control, addsHandleBidirectionalStream(closes conn per RFC 9114), fixesSupportsDatagrams→SupportsDatagrams.Remote. Fixes [#482].
Bug Fixes
Unmarshalreturns error on error status codes — now checksIsErrorState()before deserializing, preventing 4xx/5xx response bodies from being deserialized into target structs. Closes [#465].- Retry on GOAWAY errors with cached HTTP/2 connections —
RoundTripOnlyCachedConnnow falls through to create a new connection instead of returningerrClientConnGotGoAwaydirectly. Closes [#491]. SetCookieJarFactoryreturnshttp.CookieJarinterface — changes return type from*cookiejar.Jartohttp.CookieJar, allowing custom cookie jar implementations. Closes [#415].- Add
application/jsonto Chrome impersonate accept header — matches Chrome's actual accept header for API requests expecting JSON. Closes [#471].
Dependencies
- Upgrade utls to v1.8.2 — security update from v1.8.1. Addresses [#459].
Tests
- Add comprehensive unit tests for HTTP/3 frames, headers, transport, and dump.
- Add automated test gate infrastructure.