💧 A server-side Swift HTTP web framework.
Fix typos across the codebase by @mrs1669 in #3162
Fixes a number of typos in the codebase.
⚠️ the logger for loading environment files now has the correctly spelt label -
dot-env-logger
if you need to search for that
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.92.5...4.92.6
Fix some Sendable warnings on 5.10 by @sidepelican in #3158
Fix a number of warnings in Swift 5.10 like below.
Fix simple issues that can be addressed by simply adding
Sendable
.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.4...4.92.5
Allow HTTPServer
's configuration to be dynamically updatable by @dimitribouniol in #3132
This allows many aspects of the HTTP server configuration to be changed after the server starts without needing to stop and restart it, or drop existing connections in the process.
Some things that can now be re-configured include request/response configuration options, HTTP version support, HTTP pipelining, TLS configuration (ie. enabling/disabling, rotating certificates, etc…), server name, metrics reporting, the logger, and the shutdown timer.
Fixes #3130.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.3...4.92.4
Fix issue when client disconnects midway through a stream by @0xTim in #3102
Fixes an issue when a client disconnects mid way through streaming a request in a Swift concurrency context. In certain cases this would trigger a de-init off the event loop, leading to a crash.
This fixes the issue by using a lock instead of a loop bound wrapper
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.92.2...4.92.3
Fix handling of "flag" URL query params by @gwynne in #3151
Flag query parameters (e.g.
/foo?bar&baz
) were broken by 4.75.0, and apparently no one noticed for quite awhile. They now work again. Many thanks to @daveanderson for reporting this!Fixes #3150.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.1...4.92.2
Fix URI handling with multiple slashes and variable components. by @gwynne in #3143
Resolves some more subtle remaining issues in how
URI
is handled with respect to HTTP requests.Fixes #3142.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.0...4.92.1
Fix broken URI behaviors by @gwynne in #3140
Numerous issues have arisen with the changes made to
URI
as a result of the fix for https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp. This update fixes all known issues and restores several changedURI
behaviors (although, quite deliberately, not all of them), including new tests. Fixes #3133, #3135, #3137, and #3138.Also addresses
Sendable
warnings inContentEncoder
,ContentDecoder
,ContentContainer
,PlaintextDecoder
,PlaintextEncoder
,URLQueryDecoder
,URLQueryEncoder
,URLQueryContainer
,URLEncodedFormDecoder
, andURLEncodedFormEncoder
.Shoutout to @weissi, @grahamburgsma, and @finestructure for their help tracking down the various problems, thank you all!
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.91.1...4.92.0
Update routing-kit version by @marius-se in #3131
Update routing-kit version to get
Equatable
conformance forPathComponent
sRelated to https://github.com/vapor/routing-kit/pull/129 and https://github.com/swift-server/swift-openapi-vapor/pull/13#issuecomment-1879752829
Full Changelog: https://github.com/vapor/vapor/compare/4.91.0...4.91.1
Use singleton
EventLoopGroup
by @MahdiBM in #3128
Use the new
singleton
EventLoopGroup
for more convenient and sometimes more performant APIs.
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.90.0...4.91.0
⚠️ Security Update ⚠️
This release fixes a long standing issue in Vapor's URI parsing if users attempt to parse untrusted input that could lead to potential host spoofing. This was caused by using a C implementation with a uint16_t
index with no bounds checking. For more details see the security advisory GHSA-qvxg-wjxc-r4gg.
This vulnerability has been designated as CVE-2024-21631. Thank you to baarde for reporting!