- Fixed high‑severity CVE‑2021‑22931: added proper validation of atypical characters in DNS hostnames to prevent RCE, XSS and domain hijacking.
- Patched high‑severity CVE‑2021‑22940: resolved a use‑after‑free vulnerability in HTTP/2 stream cancellation handling.
- Corrected low‑severity CVE‑2021‑22939: validated "rejectUnauthorized" parameter when undefined to reject expired certificates.