Releases: vapor/vapor
4.92.5 - Fix some Sendable warnings on 5.10
What's Changed
Fix some Sendable warnings on 5.10 by @sidepelican in #3158
Fix a number of warnings in Swift 5.10 like below.
Fix simple issues that can be addressed by simply adding
Sendable
.
New Contributor
- @sidepelican made their first contribution in #3158 π
This patch was released by @0xTim
Full Changelog: 4.92.4...4.92.5
4.92.4 - Allow `HTTPServer`'s configuration to be dynamically updatable
What's Changed
Allow HTTPServer
's configuration to be dynamically updatable by @dimitribouniol in #3132
This allows many aspects of the HTTP server configuration to be changed after the server starts without needing to stop and restart it, or drop existing connections in the process.
Some things that can now be re-configured include request/response configuration options, HTTP version support, HTTP pipelining, TLS configuration (ie. enabling/disabling, rotating certificates, etcβ¦), server name, metrics reporting, the logger, and the shutdown timer.
Fixes #3130.
New Contributor
- @dimitribouniol made their first contribution in #3132 π
This patch was released by @0xTim
Full Changelog: 4.92.3...4.92.4
4.92.3 - Fix issue when client disconnects midway through a stream
What's Changed
Fix issue when client disconnects midway through a stream by @0xTim in #3102
Fixes an issue when a client disconnects mid way through streaming a request in a Swift concurrency context. In certain cases this would trigger a de-init off the event loop, leading to a crash.
This fixes the issue by using a lock instead of a loop bound wrapper
Reviewers
Thanks to the reviewers for their help:
This patch was released by @0xTim
Full Changelog: 4.92.2...4.92.3
4.92.2 - Fix handling of "flag" URL query params
What's Changed
Fix handling of "flag" URL query params by @gwynne in #3151
Flag query parameters (e.g.
/foo?bar&baz
) were broken by 4.75.0, and apparently no one noticed for quite awhile. They now work again. Many thanks to @daveanderson for reporting this!Fixes #3150.
This patch was released by @gwynne
Full Changelog: 4.92.1...4.92.2
4.92.1 - Fix URI handling with multiple slashes and variable components.
What's Changed
Fix URI handling with multiple slashes and variable components. by @gwynne in #3143
Resolves some more subtle remaining issues in how
URI
is handled with respect to HTTP requests.Fixes #3142.
This patch was released by @gwynne
Full Changelog: 4.92.0...4.92.1
4.92.0 - Fix broken URI behaviors
What's Changed
Fix broken URI behaviors by @gwynne in #3140
Numerous issues have arisen with the changes made to
URI
as a result of the fix for GHSA-r6r4-5pr8-gjcp. This update fixes all known issues and restores several changedURI
behaviors (although, quite deliberately, not all of them), including new tests. Fixes #3133, #3135, #3137, and #3138.Also addresses
Sendable
warnings inContentEncoder
,ContentDecoder
,ContentContainer
,PlaintextDecoder
,PlaintextEncoder
,URLQueryDecoder
,URLQueryEncoder
,URLQueryContainer
,URLEncodedFormDecoder
, andURLEncodedFormEncoder
.Shoutout to @weissi, @grahamburgsma, and @finestructure for their help tracking down the various problems, thank you all!
Reviewers
Thanks to the reviewers for their help:
This patch was released by @gwynne
Full Changelog: 4.91.1...4.92.0
4.91.1 - Update routing-kit version
What's Changed
Update routing-kit version by @marius-se in #3131
Update routing-kit version to get
Equatable
conformance forPathComponent
sRelated to vapor/routing-kit#129
and swift-server/swift-openapi-vapor#13 (comment)
New Contributor
- @marius-se made their first contribution in #3131 π
This patch was released by @gwynne
Full Changelog: 4.91.0...4.91.1
4.91.0 - Use `singleton` `EventLoopGroup`
What's Changed
Use singleton
EventLoopGroup
by @MahdiBM in #3128
Use the new
singleton
EventLoopGroup
for more convenient and sometimes more performant APIs.
Reviewers
Thanks to the reviewers for their help:
This patch was released by @MahdiBM
Full Changelog: 4.90.0...4.91.0
4.90.0
This release fixes a long standing issue in Vapor's URI parsing if users attempt to parse untrusted input that could lead to potential host spoofing. This was caused by using a C implementation with a uint16_t
index with no bounds checking. For more details see the security advisory GHSA-qvxg-wjxc-r4gg.
This vulnerability has been designated as CVE-2024-21631. Thank you to baarde for reporting!
4.89.3 - Fix setting public folder for `FileMiddleware` when using bundles
What's Changed
Fix setting public folder for FileMiddleware
when using bundles by @grantjbutler in #3113
This PR fixes an issue where, if you provided a subfolder within a bundleβs resources, the wrong path would be provided to the
FileMiddleware
, causing the resources to not be loaded.For example, given a bundle with the following structure:
App.app/ βββ Contents/ βββ MacOS/ β βββ App βββ Resources/ βββ web-app/ βββ Public βββ index.html
If you tried to create an instance of
FileMiddleware
that tried to useweb-app/Public/
as the folder to serve files from,FileMiddleware
would incorrectly use the resource path of the bundle (App.app/Resources/
) instead of the full path to the specified folder (App.app/Resources/web-app/Public/
).
New Contributor
- @grantjbutler made their first contribution in #3113 π
This patch was released by @gwynne
Full Changelog: 4.89.2...4.89.3