Bump version to 0.16.0

njsmith · njsmith · commit 9c9567f0a92d · 2025-04-23T20:16:40.000-07:00
diff --git a/docs/source/changes.rst b/docs/source/changes.rst
@@ -5,7 +5,19 @@ History of changes
 
 .. towncrier release notes start
 
-H11 0.14.0 (2025-04-23)
+H11 0.16.0 (2025-04-23)
+-----------------------
+
+Security fix
+~~~~~~~~~~~~
+
+Reject certain malformed `Transfer-Encoding: chunked` bodies that were previously accepted. These could have enabled request-smuggling attacks when an h11-based HTTP server was placed behind a load balancer with a matching bug in its `chunked` handling.
+
+Advisory with more details: https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
+
+Reported by: Jeppe Bonde Weikop
+
+H11 0.15.0 (2025-04-23)
 -----------------------
 
 Bugfixes
diff --git a/h11/_version.py b/h11/_version.py
@@ -13,4 +13,4 @@
 # want. (Contrast with the special suffix 1.0.0.dev, which sorts *before*
 # 1.0.0.)
 
-__version__ = "0.15.0"
+__version__ = "0.16.0"
