[platform/upstream/libwebsockets.git] / changelog

Changelog
---------

v4.3.0
======

 - Add full CBOR stream parsing and writing support, with huge
   amount of test vectors and resumable printf type write apis
   See ./READMEs/README.cbor-lecp.md
 - Add COSE key and signing / validation support with huge amount of
   test vectors
    cose_sign[1] ES256/384/512, RS256/384/512
    cose_mac0    HS256/384/512
   See ./READMEs/README.cbor-cose.md
 - JIT Trust: for constrained devices, provides a way to determine the
   trusted CA certs the peer requires, and instantiate just those.
   This allows generic client browsing without the overhead of ~130
   x.509 CA certs in memory permanently.
   See ./READMEs/README.jit-trust.md
 - Add support for client Netscape cookie jar with caching
 - Secure Streams: issue LWSSSCS_EVENT_WAIT_CANCELLED state() when
   lws_cancel_service() called, so cross-thread events can be handled
   in SS
 - Actively assert() on attempt to destroy SS handles still active in
   the call stack, use DESTROY_ME returns instead so caller can choose
   how to handle it.
 - Improved Client Connection Error report strings for tls errors
 - SMP: Use a private fakewsi for PROTOCOL_INIT so pts cannot try to
   use the same one concurrently
 - MbedTLS v3 support for all release changes, as well as retaining
   support for v2.x
 - MQTT client: support QoS2
 - Event lib ops can now be set at context creation time directly,
   bringing full event lib hooking to custom event loops.  See
   minimal-http-server-eventlib-custom
 - Extra APIs to recover AKID and SKID from x.509 in mbedtls and openssl
 - Improve http redirect to handle h2-> h2 cleanly
 - IPv4+6 listen sockets on vhosts are now done with two separate
   sockets bound individually to AF_INET and AF_INET6 addresses,
   handled by the same vhost listen flow.
 - Improved tls restriction handling
 - Log contexts: allow objects to log into local logging contexts, by
   lws_context, vhost, wsi and ss handle.  Each context has its own
   emit function and log level. See ./READMEs/README.logging.md
 - Upgrade compiler checking to default to -Werror -Wall -Wextra
 - Fault injection apis now also support pseudo-random number binding
   within a specified range, eg,
   --fault-injection "f1(10%),f1_delay(123..456)"
 - Remove LWS_WITH_DEPRECATED_THINGS, remove master branch
 - Interface binding now uses ipv6 scoring to select bind address

v4.2.0
======

 - Sai coverage upgrades, 495 builds on 27 platforms, including OSX M1,
   Xenial, Bionic and Focal Ubuntu, Debian Sid and Buster on both 32 and
   64-bit OS, and NetBSD, Solaris, FreeBSD, Windows, ESP32.
   Ctest run on more scenarios including all LWS_WITH_DISTRO_RECOMMENDED.
   More tests use valgrind if available on platform.
 - RFC7231 date and time parsing and retry-after wired up to lws_retry
 - `LWS_WITH_SUL_DEBUGGING` checks that no sul belonging to Secure Streams
   and wsi objects are left registered on destruction
 - Netlink monitoring on Linux dynamically tracks interface address and
   routing changes, and immediately closes connections on invalidated
   routes.
 - RFC6724 DNS results sorting over ipv4 + ipv6 results, according to
   available dynamic route information
 - Support new event library, sdevent (systemd native loop), via
   `LWS_WITH_SDEVENT`
 - Reduce .rodata cost of role structs by making them sparse
 - Additional Secure Streams QA tests and runtime state transition
   validation
 - SMD-over-ss-proxy documentation and helpers to simplify forwarding
 - SSPC stream buffering at proxy and client set from policy by streamtype
 - Trigger Captive Portal Detection if DNS resolution fails
 - Switch all logs related to wsi and Secure Streams to use unique,
   descriptive tags instead of pointers (which may be reallocated)
 - Use NOITCE logging for Secure Streams and wsi lifecycle logging using
   tags
 - Update SSPC serialization to include versioning on initial handshake,
   and pass client pid to proxy so related objects are tagged with it
 - Enable errors on -Wconversion pedantic type-related build issues
   throughout the lws sources and upgrade every affected cast.
 - Windows remove WSA event implementation and replace with WSAPoll, with
   a pair of UDP sockets instead of pipe() for `lws_cancel_service()`
 - `lws_strcmp_wildcard()` helper that understand "x*", "x*y", "x*y*" etc
 - `LWS_WITH_PLUGINS_BUILTIN` cmake option just builds plugins into the main
 library image directly
 - Secure Streams proxy supports policy for flow control between proxy and
 clients
 - libressl also supported along with boringssl, wolfssl
 - prepared for openssl v3 compatibility, for main function and GENCRYPTO
 - Fault injection apis can confirm operation of 48 error paths and counting
 - `LWS_WITH_SYS_METRICS` keeps stats and reports them to user-defined
 function, compatible with openmetrics
 - windows platform knows how to prepare openssl with system trust store certs
 - `LWS_WITH_SYS_CONMON` allows selected client connections to make precise
 measurements of connection performance and DNS results, and report them in a struct
 - New native support for uloop event loop (OpenWRT loop)
 - More options around JWT
 - Support TLS session caching and reuse by default, on both OpenSSL and
 mbedtls
 - Many fixes and improvements...

v4.1.0
======

 - NEW: travis / appveyor / bintray are replaced by Sai
   https://libwebsockets.org/sai/ which for lws currently does 193 builds per
   git push on 16 platforms, all self-hosted.  The homebrew bash scripts used
   to select Minimal examples are replaced by CTest.  Platforms currently
   include Fedora/AMD/GCC, Windows/AMD/mingw32, Windows/AMD/mingw64, Android/
   aarch64/LLVM, esp-idf (on WROVER-KIT and HELTEC physical boards), Fedora/
   RISCV (on QEMU)/GCC, CentOS8/AMD/GCC, Gentoo/AMD/GCC, Bionic/AMD/GCC,
   Linkit 7697, Focal/AMD/GCC, Windows (on QEMU)/AMD/MSVC,
   Focal/aarch64-RPI4/GCC, iOS/aarch64/LLVM and OSX/AMD/LLVM.

 - NEW: The single CMakeLists.txt has been refactored and modernized into smaller
 CMakeLists.txt in the subdirectory along with the code that is being managed
 for build by it.  Build options are still listed in the top level as before
 but the new way is much more maintainable.

 - NEW: event lib support on Unix is now built into dynamically loaded plugins
 and brought in at runtime, allowing all of the support to be built in
 isolation without conflicts, and separately packaged with individual
 dependencies.  See ./READMEs/event-libs.md for details and how to force
 the old static build into lws method.

 - NEW: Captive Portal Detection.  Lws can determine if the active default
 route is able to connect to the internet, or is in a captive portal type
 situation, by trying to connect to a remote server that will respond in an
 unusual way, like provide a 204.

 - NEW: Secure streams: Support system trust store if it exists
                        Build on Windows
                        Support lws raw socket protocol in SS
                        Support Unix Domain Socket transport

 - NEW: Windows: Support Unix Domain Sockets same as other platforms

 - NEW: Windows: Build using native pthreads, async dns, ipv6 on MSVC

 - NEW: lws_struct: BLOB support

 - NEW: lws_sul: Now provides two sorted timer domains, a default one as
 before, and another whose scheduled events are capable to wake the system from suspend

 - NEW: System Message Distribution: lws_smd provides a very lightweight way
 to pass short messages between subsystems both in RTOS type case where the
 subsystems are all on the lws event loop, and in the case participants are in
 different processes, using Secure Streams proxying.   Participants register a bitmap
 of message classes they care about; if no particpant cares about a particular message,
 it is rejected at allocation time for the sender, making it cheap to provide messages
 speculatively.  See lib/system/smd/README.md for full details.

 - NEW: lws_drivers: wrappers for SDK driver abstractions (or actual drivers)
                 See lib/drivers/README.md, example implementations
                 minimal-examples/embedded/esp32/esp-wrover-kit
                     - generic gpio
                     - generic LED (by name)    lib/drivers/led/README.md
                     - generic PWM, sophisticated interpolated table
                                    sequencers with crossfade  
                     - generic button (by name), with debounce and press classification
                                       emitting rich SMD click, long-click, double-click,
                                       down, repeat, up JSON messages
                                       lib/drivers/button/README.md
                     - bitbang i2c on generic gpio (hw support can use same
                                       abstract API)
                     - bitbang spi on generic gpio (hw support can use same
                                       abstract API)
                     - generic display object, can be wired up to controller
                                  drivers that hook up by generic i2c or spi,
                                  generic backlight PWM sequencing and
                                  blanking timer support
                     - generic settings storage: get and set blobs by name
                     - generic network device: netdev abstract class with
                                               WIFI / Ethernet implementations
                                               using underlying SDK APIs;
                                               generic 80211 Scan managements
                                               and credentials handling via
                                               lws_settings
                     This is the new way to provide embedded platform
                     functionality that was in the past done like
                     esp32-factory.  Unlike the old way, the new way has no
                     native apis in it and can be built on other SDK / SoCs
                     the same.

 - NEW: Security-aware JWS JWT (JSON Web Tokens) apis are provided on top of the existing
 JOSE / JWS apis.  All the common algorithms are available along with some
 high level apis like lws http cookie -> JWT struct -> lws http cookie.

 - REMOVED: esp32-helper and friends used by esp32-factory now lws_drivers
 exists

 - REMOVED: generic sessions and friends now JWT is provided

v4.0.0
======

 - NEW: Lws is now under the MIT license, see ./LICENSE for details
 
 - NEW: GLIB native event loop support, lws + gtk example

 - NEW: native lws MQTT client... supports client stream binding like h2 when
   multiple logical connections are going to the same endpoint over MQTT, they
   transparently and independently share the one connection + tls tunnel
 
 - NEW: "Secure Streams"... if you are making a device with client connections
   to the internet or cloud, this allows separation of the communications
   policy (endpoints, tls cert validation, protocols, etc) from the code, with
   the goal you can combine streams, change protocols and cloud provision, and
   reflect that in the device's JSON policy document without having to change
   any code.

 - NEW: lws_system: New lightweight and efficient Asynchronous DNS resolver
   implementation for both A and AAAA records, supports recursive (without
   recursion in code) lookups, caching, and getaddrinfo() compatible results
   scheme (from cache directly without per-consumer allocation).  Able to
   perform DNS lookups without introducing latency in the event loop.

 - NEW: lws_system: ntpclient implementation with interface for setting system
   time via lws_system ops
 
 - NEW: lws_system: dhcpclient implementation
 
 - NEW: Connection validity tracking, autoproduce PING/PONG for protocols that
   support it if not informed that the connection has passed data in both
   directions recently enough

 - NEW: lws_retry: standardized exponential backoff and retry timing based
   around backoff table and lws_sul

 - NEW: there are official public helpers for unaligned de/serialization of all
   common types, see eh, lws_ser_wu16be() in include/libwebsockets/lws-misc.h

 - NEW: lws_tls_client_vhost_extra_cert_mem() api allows attaching extra certs
   to a client vhost from DER in memory
   
 - NEW: lws_system: generic blobs support passing auth tokens, per-connection
   client certs etc from platform into lws

 - NEW: public helpers to consume and produce ipv4/6 addresses in a clean way,
   along with lws_sockaddr46 type now public.  See eg, lws_sockaddr46-based
   lws_sa46_parse_numeric_address(), lws_write_numeric_address()
   in include/libwebsockets/lws-network-helper.h

 - Improved client redirect handling, h2 compatibility
 
 - NEW: lwsac: additional features for constant folding support (strings that
   already are in the lwsac can be pointed to without copying again), backfill
   (look for gaps in previous chunks that could take a new use size), and
   lwsac_extend() so last use() can attempt to use more unallocated chunk space

 - NEW: lws_humanize: apis for reporting scalar quanties like 1234 as "1.234KB"
   with the scaled symbol strings passed in by caller

 - NEW: freertos: support lws_cancel_service() by using UDP pair bound to lo,
   since it doesn't have logical pipes

 - NEW: "esp32" plat, which implemented freertos plat compatibility on esp32, is
   renamed to "freertos" plat, targeting esp32 and other freertos platforms

 - NEW: base64 has an additional api supporting stateful decode, where the input
   is not all in the same place at the same time and can be processed
   incrementally

 - NEW: lws ws proxy: support RFC8441
   
 - NEW: lws_spawn_piped apis: generic support for vforking a process with child
   wsis attached to its stdin, stdout and stderr via pipes.  When processes are
   reaped, a specified callback is triggered.  Currently Linux + OSX.
   
 - NEW: lws_fsmount apis: Linux-only overlayfs mount and unmount management for
   aggregating read-only layers with disposable, changeable upper layer fs

 - Improvements for RTOS / small build case bring the footprint of lws v4 below
   that of v3.1 on ARM 
   
 - lws_tokenize: flag specifying # should mark rest of line as comment

 - NEW: minimal example for integrating libasound / alsa via raw file

 - lws_struct: sqlite and json / lejp translation now usable


v3.2.0
======

 - This is the last planned release under LGPLv2+SLE.  It's not planned to be
   maintained like previous releases, please switch to master for the latest
   stuff or continue to use v3.1-stable until the next release under the
   new MIT license.

 - NEW: completely refactored scheduler with a unified, sorted us-resolution
   linked-list implementation.  All polled checks like timeout are migrated
   to use the new timers, which also work on the event lib implementations.
   Faster operation, us-resolution timeouts and generic scheduled callbacks
   from the event loop.

 - NEW: lws_dsh specialized buffer memory allocator that can borrow space
   from other cooperating buffers on the same list.

 - NEW: lws_sequencer allows managing multi-connection processes and
   retries

 - NEW: memory buffer cert support

 - NEW: LWS_WITH_NETWORK in CMake... can be configured without any network-
   related code at all

 - NEW: builds on QNX 6.5 and SmartOS

 - NEW: JOSE / JWK / JWS / JWE support, for all common ciphers and algs,
   works on OpenSSL and mbedtls backends

 - NEW: gencrypto now has genaes and genec in addition to genrsa, works
   on OpenSSL and mbedtls backends

 - NEW: raw_proxy role

 - NEW: Basic Auth works on ws connections

 - CHANGE: REMOVED: LWS_WITH_GENRSA, LWS_WITH_GENHASH, LWS_WITH_GENEC,
 LWS_WITH_GENAES have all been removed and combined into LWS_WITH_GENCRYPTO

 - CHANGE: REMOVED: LWS_WITH_JWS, LWS_WITH_JWE have been removed and combined
 into LWS_WITH_JOSE

v3.1.0
======

 - CHANGE: REMOVED: lws_client_connect() and lws_client_connect_extended()
   compatibility apis for lws_client_connect_via_info() have been marked as
   deprecated for several versions and are now removed.  Use
   lws_client_connect_via_info() directly instead.

 - CHANGE: CMAKE:
     - LWS_WITH_HTTP2:         now defaults ON

 - CHANGE: Minimal examples updated to use Content Security Policy best
   practices, using
   `LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE` vhost
   option flag and disabling of inline style and scripts.  A side-effect of
   this is that buffers used to marshal headers have to be prepared to take
   more content than previously... LWS_RECOMMENDED_MIN_HEADER_SPACE (2048
   currently) is available for user (and internal) use to logically tie the
   buffer size to this usecase (and follow future increases).

 - NEW: CMAKE
     - LWS_FOR_GITOHASHI: sets various cmake options suitable for gitohashi
     - LWS_WITH_ASAN: for Linux, enable build with ASAN

     Don't forget LWS_WITH_DISTRO_RECOMMENDED, which enables a wide range of lws
     options suitable for a distro build of the library.
     
 - NEW: lws threadpool - lightweight pool of pthreads integrated to lws wsi, with
   all synchronization to event loop handled internally, queue for excess tasks
   [threadpool docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/threadpool)
   [threadpool minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/ws-server/minimal-ws-server-threadpool)
   Cmake config: `-DLWS_WITH_THREADPOOL=1`

 - NEW: libdbus support integrated on lws event loop
   [lws dbus docs](https://libwebsockets.org/git/libwebsockets/tree/lib/roles/dbus)
   [lws dbus client minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-client)
   [lws dbus server minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-server)
   Cmake config: `-DLWS_ROLE_DBUS=1`

 - NEW: lws allocated chunks (lwsac) - helpers for optimized mass allocation of small
   objects inside a few larger malloc chunks... if you need to allocate a lot of
   inter-related structs for a limited time, this removes per-struct allocation
   library overhead completely and removes the need for any destruction handling
   [lwsac docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/lwsac)
   [lwsac minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lwsac)
   Cmake Config: `-DLWS_WITH_LWSAC=1`

 - NEW: lws tokenizer - helper api for robustly tokenizing your own strings without
   allocating or adding complexity.  Configurable by flags for common delimiter
   sets and comma-separated-lists in the tokenizer.  Detects and reports syntax
   errors.
   [lws_tokenize docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-tokenize.h)
   [lws_tokenize minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lws_tokenize)

 - NEW: lws full-text search - optimized trie generation, serialization,
   autocomplete suggestion generation and instant global search support extensible
   to huge corpuses of UTF-8 text while remaining super lightweight on resources.
   [full-text search docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/fts)
   [full-text search minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-fts)
   [demo](https://libwebsockets.org/ftsdemo/)
   [demo sources](https://libwebsockets.org/git/libwebsockets/tree/plugins/protocol_fulltext_demo.c)
   Cmake config: `-DLWS_WITH_FTS=1 -DLWS_WITH_LWSAC=1`

 - NEW: gzip + brotli http server-side compression - h1 and h2 automatic advertising
   of server compression and application to files with mimetypes "text/*",
   "application/javascript" and "image/svg.xml".
   Cmake config: `-DLWS_WITH_HTTP_STREAM_COMPRESSION=1`, `-DLWS_WITH_HTTP_BROTLI=1`

 - NEW: managed disk cache - API for managing a directory containing cached files
   with hashed names, and automatic deletion of LRU files once the cache is
   above a given limit.
   [lws diskcache docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-diskcache.h)
   Cmake config: `-DLWS_WITH_DISKCACHE=1`

 - NEW: http reverse proxy - lws mounts support proxying h1 or h2 requests to
   a local or remote IP, or unix domain socket over h1.  This allows microservice
   type architectures where parts of the common URL space are actually handled
   by external processes which may be remote or on the same machine.
   [lws gitohashi serving](https://libwebsockets.org/git/) is handled this way.
   CMake config: `-DLWS_WITH_HTTP_PROXY=1`
   
 - NEW: lws_buflist - internally several types of ad-hoc malloc'd buffer have
   been replaced by a new, exported api `struct lws_buflist`.  This allows
   multiple buffers to be chained and drawn down in strict FIFO order.

 - NEW: In the case of h1 upgrade, the connection header is checked to contain
   "upgrade".   The vhost flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK
   also causes the Host: header to be confirmed to match the vhost name and
   listen port.
   
 - NEW: If no 404 redirect for `lws_return_http_status()` is specified for the vhost,
   the status page produced will try to bring in a stylesheet `/error.css`.  This allows
   you to produce styled 404 or other error pages with logos, graphics etc.  See
   https://libwebsockets.org/git/badrepo for an example of what you can do with it.

v3.0.0
======

 - CHANGE: Clients used to call LWS_CALLBACK_CLOSED same as servers...
   LWS_CALLBACK_CLIENT_CLOSED has been introduced and is called for clients
   now.
   
 - CHANGE: LWS_CALLBACK_CLIENT_CONNECTION_ERROR used to only be directed at
   protocols[0].  However in many cases, the protocol to bind to was provided
   at client connection info time and the wsi bound accordingly.  In those
   cases, CONNECTION_ERROR is directed at the bound protocol, not protcols[0]
   any more.

 - CHANGE: CMAKE: the following cmake defaults have changed with this version:
 
     - LWS_WITH_ZIP_FOPS:      now defaults OFF
     - LWS_WITH_RANGES:        now defaults OFF
     - LWS_WITH_ZLIB:          now defaults OFF
     - LWS_WITHOUT_EXTENSIONS: now defaults ON
     
 - CHANGE: REMOVED: lws_alloc_vfs_file() (read a file to malloc buffer)
 
 - CHANGE: REMOVED: lws_read() (no longer useful outside of lws internals)
 
 - CHANGE: REMOVED: ESP8266... ESP32 is now within the same price range and much
   more performant
   
 - CHANGE: soname bump... don't forget to `ldconfig`
     
 - NEW: all event libraries support "foreign" loop integration where lws itself
   if just a temporary user of the loop unrelated to the actual loop lifecycle.
   
   See `minimal-http-server-eventlib-foreign` for example code demonstrating
   this for all the event libraries.
   
   Internal loop in lws is also supported and demonstrated by
   `minimal-http-server-eventlib`.
 
 - NEW: ws-over-h2 support.  This is a new RFC-on-the-way supported by Chrome
   and shortly firefox that allows ws connections to be multiplexed back to the
   server on the same tcp + tls wrapper h2 connection that the html and scripts
   came in on.  This is hugely faster that discrete connections.
 
 - NEW: UDP socket adoption and related event callbacks
 
 - NEW: Multi-client connection binding, queuing and pipelining support.
 
   Lws detects multiple client connections to the same server and port, and
   optimizes how it handles them according to the server type and provided
   flags.  For http/1.0, all occur with individual parallel connections.  For
   http/1.1, you can enable keepalive pipelining, so the connections occur
   sequentially on a single network connection.  For http/2, they all occur
   as parallel streams within a single h2 network connection.
   
   See minimal-http-client-multi for example code. 
   
 - NEW: High resolution timer API for wsi, get a callback on your wsi with
   LWS_CALLBACK_TIMER, set and reset the timer with lws_set_timer_usecs(wsi, us)
   Actual resolution depends on event backend.  Works with all backends, poll,
   libuv, libevent, and libev.
   
 - NEW: Protocols can arrange vhost-protocol instance specific callbacks with
   second resolution using `lws_timed_callback_vh_protocol()`

 - NEW: ACME client plugin for self-service TLS certificates
  
 - NEW: RFC7517 JSON Web Keys RFC7638 JWK thumbprint, and RFC7515 JSON Web
    signatures support
  
 - NEW: lws_cancel_service() now provides a generic way to synchronize events
   from other threads, which appear as a LWS_CALLBACK_EVENT_WAIT_CANCELLED
   callback on all protocols.  This is compatible with all the event libraries.

 - NEW: support BSD poll() where changes to the poll wait while waiting are
   undone.

 - NEW: Introduce generic hash, hmac and RSA apis that operate the same
   regardless of OpenSSL or mbedTLS tls backend
  
 - NEW: Introduce X509 element query api that works the same regardless of
   OpenSSL or mbedTLS tls backend
    
 - NEW: Introduce over 30 "minimal examples" in ./minimal-examples... these
   replace most of the old test servers
   
    - test-echo -> minimal-ws-server-echo and minimal-ws-client-echo

    - test-server-libuv / -libevent / -libev ->
         minimal-https-server-eventlib / -eventlib-foreign / -eventlib-demos

    - test-server-v2.0 -> folded into all the minimal servers

    - test-server direct http serving -> minimal-http-server-dynamic
    
   The minimal examples allow individual standalone build using their own
   small CMakeLists.txt.
   
 - NEW: lws now detects any back-to-back writes that did not go through the
   event loop inbetween and reports them.  This will flag any possibility of
   failure rather than wait until the problem happens.
   
 - NEW: CMake has LWS_WITH_DISTRO_RECOMMENDED to select features that are
   appropriate for distros
   
 - NEW: Optional vhost URL `error_document_404` if given causes a redirect there
   instead of serve the default 404 page.
   
 - NEW: lws_strncpy() wrapper guarantees NUL in copied string even if it was
   truncated to fit.
   
 - NEW: for client connections, local protocol binding name can be separated
   from the ws subprotocol name if needed, using .local_protocol_name

 - NEW: Automatic detection of time discontiguities
   
 - NEW: Applies TCP_USER_TIMEOUT for Linux tcp keepalive where available
     
 - QA: 1600 tests run on each commit in Travis CI, including almost all
   Autobahn in client and server mode, various h2load tests, h2spec, attack.sh
   the minimal example selftests and others.

 - QA: fix small warnings introduced on gcc8.x (eg, Fedora 28)
 
 - QA: Add most of -Wextra on gcc (-Wsign-compare, -Wignored-qualifiers,
   -Wtype-limits, -Wuninitialized)
   
 - QA: clean out warnings on windows
 
 - QA: pass all 146 h2spec tests now on strict
 
 - QA: introduce 35 selftests that operate different minimal examples against
   each other and confirm the results.
 
 - QA: LWS_WITH_MINIMAL_EXAMPLES allows mass build of all relevant minimal-
   examples with the LWS build, for CI and to make all the example binaries
   available from the lws build dir ./bin
 
 - REFACTOR: the lws source directory layout in ./lib has been radically
   improved, and there are now README.md files in selected subdirs with extra
   documentation of interest to people working on lws itself.

 - REFACTOR: pipelined transactions return to the event loop before starting the
   next part. 
 
 - REFACTOR: TLS: replace all TLS library constants with generic LWS ones and
   adapt all the TLS library code to translate to these common ones.
   
   Isolated all the tls-related private stuff in `./lib/tls/private.h`, and all
   the mbedTLS stuff in `./lib/tls/mbedtls` + openSSL stuff in
   `./lib/tls/openssl`
   
 - REFACTOR: the various kinds of wsi possible with lws have been extracted
   from the main code and isolated into "roles" in `./lib/roles` which
   communicate with the core code via an ops struct.  Everything related to
   ah is migrated to the http role.
   
   wsi modes are eliminated and replaced by the ops pointer for the role the
   wsi is performing.  Generic states for wsi are available to control the
   lifecycle using core code.
   
   Adding new "roles" is now much easier with the changes and ops struct to
   plug into.

 - REFACTOR: reduce four different kinds of buffer management in lws into a
   generic scatter-gather struct lws_buflist. 

 - REFACTOR: close notifications go through event loop


v2.4.0
======

 - HTTP/2 server support is now mature and usable!  LWS_WITH_HTTP2=1 enables it.
   Uses ALPN to serve HTTP/2, HTTP/1 and ws[s] connections all from the same
   listen port seamlessly.  (Requires ALPN-capable OpenSSL 1.1 or mbedTLS).

 - LWS_WITH_MBEDTLS=1 at CMake now builds and works against mbedTLS instead of
   OpenSSL.  Most things work identically, although on common targets where
   OpenSSL has acceleration, mbedTLS is many times slower in operation.  However
   it is a lot smaller codewise.
   
 - Generic hash apis introduced that work the same on mbedTLS or OpenSSL backend
 
 - LWS_WITH_PEER_LIMITS tracks IPs across all vhosts and allows restrictions on
   both the number of simultaneous connections and wsi in use for any single IP

 - lws_ring apis provide a generic single- or multi-tail ringbuffer... mirror
   protocol now uses this.  Features include ring elements may be sized to fit
   structs in the ringbuffer, callback when no tail any longer needs an element
   and it can be deleted, and zerocopy options to write new members directly
   into the ringbuffer, and use the ringbuffer element by address too.
 
 - abstract ssh 2 server plugin included, with both plugin and standalone
   demos provided.  You can bind the plugin to a vhost and also serve full-
   strength ssh from the vhost.  IO from the ssh server is controlled by an
   "ops" struct of callbacks for tx, rx, auth etc.
   
 - Many fixes, cleanups, source refactors and other improvements.


v2.3.0
======

 - ESP32 OpenSSL support for client and server

 - ESP32 4 x WLAN credential slots may be configured

 - Libevent event loop support

 - SOCKS5 proxy support

 - lws_meta protocol for websocket connection multiplexing

 - lws_vhost_destroy() added... allows dynamic removal of listening
   vhosts.  Vhosts with shared listen sockets adopt the listen socket
   automatically if the owner is destroyed.

 - IPv6 on Windows

 - Improved CGI handling suitable for general CGI scripting, eg, PHP

 - Convert even the "old style" test servers to use statically included
   plugin sources

 - LWS_WITH_STATS cmake option dumps resource usage and timing information
   every few seconds to debug log, including latency information about
   delay from asking for writeable callback to getting it

 - Large (> 2GB) files may be served

 - LWS_WITH_HTTP_PROXY Cmake option adds proxying mounts

 - Workaround for libev build by disabling -Werror on the test app

 - HTTP2 support disabled since no way to serve websockets on it


v2.2.0
======

Major new features

 - A mount can be protected by Basic Auth... in lwsws it looks like this

 ```
{
        "mountpoint": "/basic-auth",
        "origin": "file://_lws_ddir_/libwebsockets-test-server/private",
        "basic-auth": "/var/www/balogins-private"
}
```

The text file named in `basic-auth` contains user:password information
one per line.

See README.lwsws.md for more information.

 - RFC7233 RANGES support in lws server... both single and multipart.
 This allows seeking for multimedia file serving and download resume.
 It's enabled by default but can be disabled by CMake option.

 - On Linux, lwsws can reload configuration without dropping ongoing
 connections, when sent a SIGHUP.  The old configuration drops its
 listen sockets so the new configuration can listen on them.
 New connections connect to the server instance with the new
 configuration.  When all old connections eventually close, the old
 instance automatically exits.  This is equivalent to
 `systemctl reload apache`

 - New `adopt` api allow adoption including SSL negotiation and
 for raw sockets and file descriptors.

 - Chunked transfer encoding supported for client and server

 - Adaptations to allow operations inside OPTEE Secure World

 - ESP32 initial port - able to do all test server functions. See
 README.build.md

 - Serving gzipped files from inside a ZIP file is supported... this
 includes directly serving the gzipped content if the client
 indicated it could accept it (ie, almost all browsers) saving
 bandwidth and time.  For clients that can't accept it, lws
 automatically decompresses and serves the content in memory-
 efficient chunks. Only a few hundred bytes of heap are needed
 to serve any size file from inside the zip.  See README.coding.md

 - RAW file descriptors may now be adopted into the lws event loop,
 independent of event backend (including poll service).
 See README.coding.md

 - RAW server socket descriptors may now be enabled on the vhost if
 the first thing sent on the connection is not a valid http method.
 The user code can associate these with a specific protocol per
 vhost, and RAW-specific callbacks appear there for creation, rx,
 writable and close.  See libwebsockets-test-server-v2.0 for an example.
 See README.coding.md

 - RAW client connections are now possible using the method "RAW".
 After connection, the socket is associated to the protocol
 named in the client connection info and RAW-specific callbacks
 appear there for creation, rx, writable and close.
 See libwebsockets-test-client (with raw://) for an example.
 See README.coding.md


(for earlier changelogs, see the tagged releases)