2.7.0 has been released!
Cowboy 2.7 improves the HTTP/2 code with optimizations around the sending of DATA and WINDOW_UPDATE frames; graceful shutdown of the connection when the client is going away; and rate limiting mechanisms. New options and mechanisms have also been added to control the amount of memory Cowboy ends up using with both HTTP/1.1 and HTTP/2. Much of this work was done to address HTTP/2 CVEs about potential denial of service.
In addition, many of the experimental features introduced in previous releases have been marked stable and are now documented. These include the commands-based Websocket handler interface; the metrics and tracer stream handlers; and the ability to change options on a per-stream basis (for example idle timeouts).
This is the first Cowboy version that is compatible with the upcoming Ranch 2.0. Cowboy 2.7 will use Ranch 1.7.1 by default.
Cowboy 2.7 requires Erlang/OTP 20 or above and is tested and supported on Linux, FreeBSD, macOS and Windows.
A complete list of changes can be found in the migration guide: Migrating from Cowboy 2.6 to 2.7.
I have more free time available for consulting or for paid open source development at the moment. If you are interested, drop me an email at [email protected]. I have gathered that there's interest in a pure Erlang GRPC implementation, and there's also QUIC and HTTP/3 that will be ready soon, for examples of projects I'd be interested in working on.
You can donate to this project via GitHub Sponsors. These funds are used to pay for additional servers for testing.
As usual, feedback is appreciated, and issues or questions should be sent via Github tickets. Thanks!