Changes
1.24.1 - 2025-05-26
- fix: remove unused variable warning in hackney.erl
1.24.0 - 2025-05-26
- security: fix basic auth credential exposure vulnerability
- security: add application variable support for insecure_basic_auth
- fix: NXDOMAIN error in Docker Compose environments (issue #764)
- fix: stream_body timeout after first chunk (issue #762)
- fix: SSL hostname verification with custom ssl_options and SSL message leak in async streaming
- fix: pool connections not freed on 307 redirects and multiple pool/timer race conditions
- fix: socket leaks, process deadlocks, ETS memory leaks, and infinite gen_server calls
- fix: controlling_process error handling in happy eyeballs and connection pool return
- improvement: update GitHub Actions to ubuntu-22.04 and bump certifi/mimerl dependencies
Breaking Change
The new insecure_basic_auth application variable defaults to false for security.
If your application relies on insecure basic auth over HTTP, you must explicitly set
application:set_env(hackney, insecure_basic_auth, true) to maintain previous behavior.
Hex.pm : https://hex.pm/packages/hackney/1.24.1
Doc: https://hexdocs.pm/hackney/readme.html