π§ A server-side Swift HTTP web framework.
Fix some Sendable warnings on 5.10 by @sidepelican in #3158
Fix a number of warnings in Swift 5.10 like below.
Fix simple issues that can be addressed by simply adding
Sendable
.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.4...4.92.5
Allow HTTPServer
's configuration to be dynamically updatable by @dimitribouniol in #3132
This allows many aspects of the HTTP server configuration to be changed after the server starts without needing to stop and restart it, or drop existing connections in the process.
Some things that can now be re-configured include request/response configuration options, HTTP version support, HTTP pipelining, TLS configuration (ie. enabling/disabling, rotating certificates, etcβ¦), server name, metrics reporting, the logger, and the shutdown timer.
Fixes #3130.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.3...4.92.4
Fix issue when client disconnects midway through a stream by @0xTim in #3102
Fixes an issue when a client disconnects mid way through streaming a request in a Swift concurrency context. In certain cases this would trigger a de-init off the event loop, leading to a crash.
This fixes the issue by using a lock instead of a loop bound wrapper
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.92.2...4.92.3
Fix handling of "flag" URL query params by @gwynne in #3151
Flag query parameters (e.g.
/foo?bar&baz
) were broken by 4.75.0, and apparently no one noticed for quite awhile. They now work again. Many thanks to @daveanderson for reporting this!Fixes #3150.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.1...4.92.2
Fix URI handling with multiple slashes and variable components. by @gwynne in #3143
Resolves some more subtle remaining issues in how
URI
is handled with respect to HTTP requests.Fixes #3142.
Full Changelog: https://github.com/vapor/vapor/compare/4.92.0...4.92.1
Fix broken URI behaviors by @gwynne in #3140
Numerous issues have arisen with the changes made to
URI
as a result of the fix for https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp. This update fixes all known issues and restores several changedURI
behaviors (although, quite deliberately, not all of them), including new tests. Fixes #3133, #3135, #3137, and #3138.Also addresses
Sendable
warnings inContentEncoder
,ContentDecoder
,ContentContainer
,PlaintextDecoder
,PlaintextEncoder
,URLQueryDecoder
,URLQueryEncoder
,URLQueryContainer
,URLEncodedFormDecoder
, andURLEncodedFormEncoder
.Shoutout to @weissi, @grahamburgsma, and @finestructure for their help tracking down the various problems, thank you all!
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.91.1...4.92.0
Update routing-kit version by @marius-se in #3131
Update routing-kit version to get
Equatable
conformance forPathComponent
sRelated to https://github.com/vapor/routing-kit/pull/129 and https://github.com/swift-server/swift-openapi-vapor/pull/13#issuecomment-1879752829
Full Changelog: https://github.com/vapor/vapor/compare/4.91.0...4.91.1
Use singleton
EventLoopGroup
by @MahdiBM in #3128
Use the new
singleton
EventLoopGroup
for more convenient and sometimes more performant APIs.
Thanks to the reviewers for their help:
Full Changelog: https://github.com/vapor/vapor/compare/4.90.0...4.91.0
β οΈ Security Update β οΈ
This release fixes a long standing issue in Vapor's URI parsing if users attempt to parse untrusted input that could lead to potential host spoofing. This was caused by using a C implementation with a uint16_t
index with no bounds checking. For more details see the security advisory GHSA-qvxg-wjxc-r4gg.
This vulnerability has been designated as CVE-2024-21631. Thank you to baarde for reporting!
Fix setting public folder for FileMiddleware
when using bundles by @grantjbutler in #3113
This PR fixes an issue where, if you provided a subfolder within a bundleβs resources, the wrong path would be provided to the
FileMiddleware
, causing the resources to not be loaded.For example, given a bundle with the following structure:
App.app/ βββ Contents/ βββ MacOS/ β βββ App βββ Resources/ βββ web-app/ βββ Public βββ index.html
If you tried to create an instance of
FileMiddleware
that tried to useweb-app/Public/
as the folder to serve files from,FileMiddleware
would incorrectly use the resource path of the bundle (App.app/Resources/
) instead of the full path to the specified folder (App.app/Resources/web-app/Public/
).
Full Changelog: https://github.com/vapor/vapor/compare/4.89.2...4.89.3