Cowboy 2.17 fixes a number of security vulnerabilities and improves the security checklist. The checklist is now included in the Hex package for convenience.
Cowboy 2.17 updates Cowlib to 2.18.0. Both applications must be updated as they both contain security fixes.
Cowboy 2.17 requires Erlang/OTP 24.0 or greater.
max_concurrent_streams to 100.
max_frame_size to 1MB.
invalid_response_headers option to HTTP/2.
invalid_response_headers to responses sent following an early_error stream handler call.
max_authority_length option. It limits the length of the authority component, regardless of where that component is found (request line in absolute-form, host header, :authority pseudo-header).
max_keys option to cowboy_req functions that parse the query string or form-urlencoded bodies. This new limit is applied in addition to existing length limits. It defaults to 100.
Donate to Loïc Hoguin because his work on Cowboy, Ranch, Gun and Erlang.mk is fantastic:
Recurring payment options are also available via GitHub Sponsors. These funds are used to cover the recurring expenses like food, dedicated servers or domain names.