Releases: vapor/vapor
4.84.4 - Fix NIOLoopBound issues
What's Changed
Fix NIOLoopBound issues by @0xTim in #3081
Fixes a number of issues where
NIOLoopBound
andNIOLoopBoundBox
were used without ensuring we were on the correct event loop before accessing them. This could lead to precondition crashes
This patch was released by @0xTim
Full Changelog: 4.84.3...4.84.4
4.84.3 - Fix AHC Dependency Mismatch
What's Changed
Fix AHC Dependency Mismatch by @0xTim in #3075
4.84.1 migrated the use of AHC to the new singletons API but didn’t bump the version required leading to build errors for some users. This fixes that
This patch was released by @0xTim
Full Changelog: 4.84.2...4.84.3
4.84.2 - [SECURITY] Incorrect request error handling triggers server crash
This release fixes an issue introduced in 4.83.2 Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, making it vulnerable to a Denial of Service attack. For more details see the security advisory GHSA-qvxg-wjxc-r4gg.
This vulnerability has been designated as CVE-2023-44386
. Thank you to t0rchwood for reporting!
4.84.1 - Add numerous missing `@preconcurrency` attributes
What's Changed
Add numerous missing @preconcurrency
attributes by @gwynne in #3074
It has become standard practice to add
@Sendable
to@escaping
closures passed as method parameters to improve Concurrency correctness. However, when this is done for pre-existingpublic
methods that are notasync
, the result is source incompatibility for some users, as mutable values captured by such closures will cause unexpected build errors. The correct way to suppress this behavior is to mark such methods with the@preconcurrency
attribute, signaling to the compiler that users may not yet expect the additional restrictions of@Sendable
to apply without sacrificing correctness for Concurrency-ready code. Unfortunately, Vapor recently added@Sendable
annotations to many of its APIs without also adding the@preconcurrency
annotation; this update addresses that oversight.
This patch was released by @gwynne
Full Changelog: 4.84.0...4.84.1
4.84.0 - More Sendable Conformances
What's Changed
More Sendable Conformances by @0xTim in #3057
This adds more Sendable conformances to Vapor and resolves any Sendable warnings that aren’t related to
Request
orResponse
Reviewers
Thanks to the reviewers for their help:
This patch was released by @0xTim
Full Changelog: 4.83.2...4.84.0
4.83.2 - HTTPServerErrorHandler: Improve Error Handling for HTTPParserError
What's Changed
HTTPServerErrorHandler: Improve Error Handling for HTTPParserError by @fred-sch in #2922
Invalid HTTP previously just closed the connection, but did not actually handle the errors.
This PR uses an adapted version of https://github.com/apple/swift-nio/blob/main/Sources/NIOHTTP1/HTTPServerProtocolErrorHandler.swift to properly catch exceptions if they occur.
New Contributor
Reviewers
Thanks to the reviewers for their help:
This patch was released by @gwynne
Full Changelog: 4.83.1...4.83.2
4.83.1 - Pass X-Request-Id if present
What's Changed
Pass X-Request-Id if present by @paunik in #3072
Pass the value from the X-Request-Id to the logger context
- pass the X-Request-Id header value if present, pass generated UUID if the header not present
Mentioned:
Why:
- We needed a way to trace router -> web -> worker on the logger on the heroku and we found this https://devcenter.heroku.com/articles/http-request-id
Inspiration:
New Contributor
This patch was released by @gwynne
Full Changelog: 4.83.0...4.83.1
4.83.0 - Support Crypto 3.0.0 in the other package manifest
What's Changed
Support Crypto 3.0.0 in the other package manifest by @gwynne in #3073
Fixes an oversight made by both Tim and myself in #3070. Full credit to @gregcotten for catching the omission.
This patch was released by @gwynne
Full Changelog: 4.82.0...4.83.0
4.82.0 - Add support for Swift Crypto 3.0.0
What's Changed
Add support for Swift Crypto 3.0.0 by @0xTim in #3070
See https://forums.swift.org/t/swift-crypto-3-0-0/67387 for more details
This patch was released by @gwynne
Full Changelog: 4.81.1...4.82.0
4.81.1 - `Logger.report()` should handle `LocalizedError`, `DecodingError`, and `EncodingError` identically to other errors
What's Changed
Logger.report()
should handle LocalizedError
, DecodingError
, and EncodingError
identically to other errors by @MahdiBM in #3068
LocalizedError.localizedDesceiption
is useless. We shouldn’t use it.
The special handling ofDecodingError
andEncodingError
also doesn’t do much.
This patch was released by @gwynne
Full Changelog: 4.81.0...4.81.1