Skip to content

Releases: vapor/vapor

4.84.4 - Fix NIOLoopBound issues

06 Oct 01:43
@penny-for-vapor penny-for-vapor
4.84.4
e38dfe4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.84.4 - Fix NIOLoopBound issues

What's Changed

Fix NIOLoopBound issues by @0xTim in #3081

Fixes a number of issues where NIOLoopBound and NIOLoopBoundBox were used without ensuring we were on the correct event loop before accessing them. This could lead to precondition crashes

This patch was released by @0xTim

Full Changelog: 4.84.3...4.84.4

Contributors

0xTim
Assets 2

4.84.3 - Fix AHC Dependency Mismatch

05 Oct 14:49
@penny-for-vapor penny-for-vapor
4.84.3
c17d9b9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.84.3 - Fix AHC Dependency Mismatch

What's Changed

Fix AHC Dependency Mismatch by @0xTim in #3075

4.84.1 migrated the use of AHC to the new singletons API but didn’t bump the version required leading to build errors for some users. This fixes that

This patch was released by @0xTim

Full Changelog: 4.84.2...4.84.3

Contributors

0xTim
Assets 2

4.84.2 - [SECURITY] Incorrect request error handling triggers server crash

05 Oct 11:21
@gwynne gwynne
4.84.2
090464a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.84.2 - [SECURITY] Incorrect request error handling triggers server crash

⚠️ Security Update ⚠️

This release fixes an issue introduced in 4.83.2 Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, making it vulnerable to a Denial of Service attack. For more details see the security advisory GHSA-qvxg-wjxc-r4gg.

This vulnerability has been designated as CVE-2023-44386. Thank you to t0rchwood for reporting!

Assets 2

4.84.1 - Add numerous missing `@preconcurrency` attributes

28 Sep 09:37
@penny-for-vapor penny-for-vapor
4.84.1
036d67e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.84.1 - Add numerous missing `@preconcurrency` attributes

What's Changed

Add numerous missing @preconcurrency attributes by @gwynne in #3074

It has become standard practice to add @Sendable to @escaping closures passed as method parameters to improve Concurrency correctness. However, when this is done for pre-existing public methods that are not async, the result is source incompatibility for some users, as mutable values captured by such closures will cause unexpected build errors. The correct way to suppress this behavior is to mark such methods with the @preconcurrency attribute, signaling to the compiler that users may not yet expect the additional restrictions of @Sendable to apply without sacrificing correctness for Concurrency-ready code. Unfortunately, Vapor recently added @Sendable annotations to many of its APIs without also adding the @preconcurrency annotation; this update addresses that oversight.

This patch was released by @gwynne

Full Changelog: 4.84.0...4.84.1

Contributors

gwynne
Assets 2

4.84.0 - More Sendable Conformances

26 Sep 12:07
@penny-for-vapor penny-for-vapor
4.84.0
446b877
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.84.0 - More Sendable Conformances

What's Changed

More Sendable Conformances by @0xTim in #3057

This adds more Sendable conformances to Vapor and resolves any Sendable warnings that aren’t related to Request or Response

Reviewers

Thanks to the reviewers for their help:

This patch was released by @0xTim

Full Changelog: 4.83.2...4.84.0

Contributors

fabianfett and 0xTim
Assets 2

4.83.2 - HTTPServerErrorHandler: Improve Error Handling for HTTPParserError

22 Sep 13:09
@penny-for-vapor penny-for-vapor
4.83.2
1f2b44b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.83.2 - HTTPServerErrorHandler: Improve Error Handling for HTTPParserError

What's Changed

HTTPServerErrorHandler: Improve Error Handling for HTTPParserError by @fred-sch in #2922

Invalid HTTP previously just closed the connection, but did not actually handle the errors.

This PR uses an adapted version of https://github.com/apple/swift-nio/blob/main/Sources/NIOHTTP1/HTTPServerProtocolErrorHandler.swift to properly catch exceptions if they occur.

New Contributor

Reviewers

Thanks to the reviewers for their help:

This patch was released by @gwynne

Full Changelog: 4.83.1...4.83.2

Contributors

gwynne, Lukasa, and 4 other contributors
Assets 2

4.83.1 - Pass X-Request-Id if present

22 Sep 06:16
@penny-for-vapor penny-for-vapor
4.83.1
d79fad4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.83.1 - Pass X-Request-Id if present

What's Changed

Pass X-Request-Id if present by @paunik in #3072

Pass the value from the X-Request-Id to the logger context

  • pass the X-Request-Id header value if present, pass generated UUID if the header not present

Mentioned:

Why:

Inspiration:

New Contributor

This patch was released by @gwynne

Full Changelog: 4.83.0...4.83.1

Contributors

paunik and gwynne
Assets 2

4.83.0 - Support Crypto 3.0.0 in the other package manifest

22 Sep 05:56
@penny-for-vapor penny-for-vapor
4.83.0
a4b0715
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.83.0 - Support Crypto 3.0.0 in the other package manifest

What's Changed

Support Crypto 3.0.0 in the other package manifest by @gwynne in #3073

Fixes an oversight made by both Tim and myself in #3070. Full credit to @gregcotten for catching the omission.

This patch was released by @gwynne

Full Changelog: 4.82.0...4.83.0

Contributors

gregcotten and gwynne
Assets 2

4.82.0 - Add support for Swift Crypto 3.0.0

22 Sep 02:07
@penny-for-vapor penny-for-vapor
4.82.0
7118641
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.82.0 - Add support for Swift Crypto 3.0.0

What's Changed

Add support for Swift Crypto 3.0.0 by @0xTim in #3070

See https://forums.swift.org/t/swift-crypto-3-0-0/67387 for more details

This patch was released by @gwynne

Full Changelog: 4.81.1...4.82.0

Contributors

gwynne and 0xTim
Assets 2

4.81.1 - `Logger.report()` should handle `LocalizedError`, `DecodingError`, and `EncodingError` identically to other errors

20 Sep 16:26
@penny-for-vapor penny-for-vapor
4.81.1
b70d504
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
4.81.1 - `Logger.report()` should handle `LocalizedError`, `DecodingError`, and `EncodingError` identically to other errors

What's Changed

Logger.report() should handle LocalizedError, DecodingError, and EncodingError identically to other errors by @MahdiBM in #3068

LocalizedError.localizedDesceiption is useless. We shouldn’t use it.
The special handling of DecodingError and EncodingError also doesn’t do much.

This patch was released by @gwynne

Full Changelog: 4.81.0...4.81.1

Contributors

gwynne and MahdiBM
Assets 2