Releases: wiremock/wiremock
3.3.1
π New features and improvements
- Allow empty URI path segments after the first (#2404) @Mahoney
- Switch the Webhooks Extension to use the injected template engine so that it respects standard configuration providers, e.g. system properties and environment variables (#2473) @tomakehurst
- Introduce the substitutable HTTP client (#2455) @tomakehurst
- Make
NetworkAddressRules
into an interface so that it can be implemented in a fully customised way @tomakehurst
π Bug fixes
- Fix network address rules breaking change - regression in WireMock
3.3.0
(#2478) @tomakehurst - Ignore IPv6 addresses when checking network security rules (#2475) @tomakehurst
- #2415 - Fix warning in the log due to SLF4J-API 1.7.36 to 2.0.7 replacement by Gradle (#2449) @Xabibax
- Fix API contract for
FileSourceBlobStore
(#2451) @dkhozyainov - Add
null
check for actual date/time truncation (#2466) (#2467) @papiomytoglou - #2422 - URL not matched by path template when query parameter present in request (#2429) @tomakehurst
π Documentation updates
- Add BEFORE_RESPONSE_SENT request phase to the stub-mapping schema (#2428) @picimako
- Update the co-maintainer policy beyond WireMock 3 (#2435) @oleg-nenashev
- Turn reference link into actual link (#2443) @SimonVerhoeven
π» Maintenance
- chore: use List.of where possible if only one argument is passed (#2468) @SimonVerhoeven
- fix: introduce a slight delay given the 2-3 results is slightly flakey (#2463) @SimonVerhoeven
- chore: infer explicit type arguments where possible (#2462) @SimonVerhoeven
- Refactor: split getLines method of Diff class (#2460) @julianahrens1999
- Replace Optional.orElse() calls with Optional.orElseGet() (#2450) @picimako
- Do not use deprecated jackson iso8601 class (#2423) @SimonVerhoeven
- feat: use expression lambdas over statement lambdas (#2444) @SimonVerhoeven
- Replace Guava by JDK (Partly) (#2384) @pks-1981
- Remove unnecessary type unboxing (#2424) @SimonVerhoeven
- Replace Guava by JDK (Partly) (#2409) @pks-1981
π¦ Dependency updates
- Bump org.eclipse.jetty:jetty-bom from 11.0.17 to 11.0.18 (#2469) @dependabot
- Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#2464) @dependabot
- Bump com.google.guava:guava from 32.1.2-jre to 32.1.3-jre (#2433) @dependabot
- Bump com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.15.3 (#2441) @dependabot
- Bump org.eclipse.jetty:jetty-bom from 11.0.16 to 11.0.17 (#2430) @dependabot
- Bump org.sonarqube from 4.3.1.3277 to 4.4.1.3373 (#2410) @dependabot
- Bump org.mockito:mockito-junit-jupiter from 5.5.0 to 5.6.0 (#2426) @dependabot
- Bump org.ow2.asm:asm from 9.5 to 9.6 (#2406) @dependabot
- Bump org.mockito:mockito-core from 5.5.0 to 5.6.0 (#2425) @dependabot
- Bump io.netty:netty-all from 4.1.98.Final to 4.1.99.Final (#2403) @dependabot
- Bump com.diffplug.spotless from 6.21.0 to 6.22.0 (#2402) @dependabot
- Bump commons-io:commons-io from 2.13.0 to 2.14.0 (#2407) @dependabot
3.3.0
NOTE: This version is discarded because of the uninteded breaking change in
NetworkAddressRules
, fixed in 3.3.1 by #2478
π New features and improvements
- Allow empty URI path segments after the first (#2404) @Mahoney
- Switched the webhooks extension to use the injected template engine so that it gets e.g. system/env property configuration (#2473) @tomakehurst
- Substitutable HTTP client (#2455) @tomakehurst
- Make
NetworkAddressRules
into an interface so that it can be implemented in a fully customised way. note this introduced a breaking change, which is fixed in https://github.com/wiremock/wiremock/releases/tag/3.3.1
π Bug fixes
- Fixed #2415 Gradle replaces SLF4J-API 1.7.36 with 2.0.7, causing warning in the log (#2449) @Xabibax
- Refactor: split getLines method of Diff class (#2460) @julianahrens1999
- Fix contract for FileSourceBlobStore (#2451) @dkhozyainov
- Add null check for actual date/time truncation (#2466) (#2467) @papiomytoglou
- Fixed #2422 - URL not matched by path template when query parameter present in request (#2429) @tomakehurst
π Documentation updates
- Update the co-maintainer policy beyond WireMock 3 (#2435) @oleg-nenashev
- Turn reference link into actual link (#2443) @SimonVerhoeven
π» Maintenance
- chore: use List.of where possible if only one argument is passed (#2468) @SimonVerhoeven
- fix: introduce a slight delay given the 2-3 results is slightly flakey (#2463) @SimonVerhoeven
- chore: infer explicit type arguments where possible (#2462) @SimonVerhoeven
- Replace Optional.orElse() calls with Optional.orElseGet() (#2450) @picimako
- Do not use deprecated jackson iso8601 class (#2423) @SimonVerhoeven
- feat: use expression lambdas over statement lambdas (#2444) @SimonVerhoeven
- Replace Guava by JDK (Partly) (#2384) @pks-1981
- Remove unnecessary type unboxing (#2424) @SimonVerhoeven
- Replace Guava by JDK (Partly) (#2409) @pks-1981
β Other changes
- Ignore IPv6 addresses when checking network security rules (#2475) @tomakehurst
- Add BEFORE_RESPONSE_SENT request phase to the stub-mapping schema (#2428) @picimako
π¦ Dependency updates
- Bump org.eclipse.jetty:jetty-bom from 11.0.17 to 11.0.18 (#2469) @dependabot
- Bump commons-io:commons-io from 2.14.0 to 2.15.0 (#2464) @dependabot
- Bump com.google.guava:guava from 32.1.2-jre to 32.1.3-jre (#2433) @dependabot
- Bump com.fasterxml.jackson:jackson-bom from 2.15.2 to 2.15.3 (#2441) @dependabot
- Bump org.eclipse.jetty:jetty-bom from 11.0.16 to 11.0.17 (#2430) @dependabot
- Bump org.sonarqube from 4.3.1.3277 to 4.4.1.3373 (#2410) @dependabot
- Bump org.mockito:mockito-junit-jupiter from 5.5.0 to 5.6.0 (#2426) @dependabot
- Bump org.ow2.asm:asm from 9.5 to 9.6 (#2406) @dependabot
- Bump org.mockito:mockito-core from 5.5.0 to 5.6.0 (#2425) @dependabot
- Bump io.netty:netty-all from 4.1.98.Final to 4.1.99.Final (#2403) @dependabot
- Bump com.diffplug.spotless from 6.21.0 to 6.22.0 (#2402) @dependabot
- Bump commons-io:commons-io from 2.13.0 to 2.14.0 (#2407) @dependabot
3.2.0
π₯ Breaking changes
- Enable local response templating by default in standalone (#2386) @tomakehurst
- Add startup option to enable/disable extension scanning and set to disabled by default when running from Java (#2385) @tomakehurst
π New features and improvements
- Exposing MappingsLoader as an extension point (#2334) @bharatnpti
- Include more info when webhook refusal logged (#2389) @Mahoney
- HTTP Server Factory as an extension point (#2391) @tomakehurst
- Print loaded extensions at startup (#2381) @tomakehurst
π Bug fixes
- Fix json string schema rejecting numbers (#2390) @Mahoney
- Fix FileSource backed blobstore keys bug (#2392) @tomakehurst
- Fixed #2388 - empty getPath() returned from new FileStore implementation passed to transformers (#2396) @tomakehurst
π¦ Dependency updates
- Bump io.netty:netty-all from 4.1.97.Final to 4.1.98.Final (#2394) @dependabot
3.1.0
π New features and improvements
- Move webhooks to the WireMock core (#2376) @tomakehurst
- Added a setter for max template cache entries in WireMockConfiguration (#2365) @tomakehurst
- Add working equals & readable toString to NetworkAddressRange (#2358) @Mahoney
π₯ Breaking changes
- Move webhooks to the WireMock core. Users of the extension should remove the dependency when updating to the new version (#2376) @tomakehurst
π Bug fixes
- Fixed #2364 - scenarios produced by recorder play back in reverse order (#2377) @tomakehurst
- Fix admin requests with empty body to avoid response code 411 (#1738) @danielimre
- Fix standalone missing filename extension bug (#2366) @tomakehurst
π» Maintenance
- Fix markdown links (#2375) @pks-1981
- Add tests proving we match on request bodies (#2367) @Mahoney
- Replace Guava by JDK (Partly) (#2380) @pks-1981
π¦ Dependency updates
- Bump org.junit-pioneer:junit-pioneer from 2.0.1 to 2.1.0 (#2370) @dependabot
- Bump com.github.tomakehurst:wiremock-jre8-standalone from 2.33.2 to 2.35.1 in /testlogging (#2368) @dependabot
- Bump com.networknt:json-schema-validator from 1.0.86 to 1.0.87 (#2371) @dependabot
3.0.4
π New features and improvements
π Bug fixes
- Fix standalone missing filename extension bug (#2366) @tomakehurst
- Added a setter for max template cache entries in WireMockConfiguration (#2365) @tomakehurst
- Second attempt at fixing shaded webhooks plugin (#2362) @tomakehurst
π» Maintenance
- Bump org.scala-lang:scala-library test dependency from 2.13.11 to 2.13.12 (#2360) @dependabot
β Other changes
3.0.3 - Security Release
π Security
This security release addresses the following issues
- CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio
- Base CVSS Score: 4.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)
- CVE-2023-41329 - Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
- Base CVSS Score: 3.9 (AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - βControlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy modeβ. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments
π Related releases
- WireMock Docker 3.0.3-1 - Docker Image with the Patch
- WireMock 2.35.1 / WireMock Docker 2.35.1-1 - Backport to WireMock 2.x
- Python WireMock 2.6.1 - Python library that bundles the WireMock JAR file
- NOTE: Other distributions like Testcontainers modules or Helm chart need explicit version declaration, and hence a user action is needed to update the dependencies should they be considered a risk
Credits
2.35.1 - Security Release
π This is a security release that addresses the following issues
- CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio
- Overall CVSS Score: 4.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)
- CVE-2023-41329 - Domain restrictions bypass via DNS
Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes- Overall CVSS Score: 3.9 (AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
NOTE: WireMock Studio, a proprietary distribution discontinued in 2022, is also affected by those issues and also affected by CVE-2023-39967 - Overall CVSS Score 8.6 - βControlled and full-read SSRF through URL parameter when testing a request, webhooks and proxy modeβ. The fixes will not be provided. The vendor recommends migrating to WireMock Cloud which is available as SaaS and private beta for on-premises deployments
Credits: @W0rty, @numacanedo, @Mahoney, @tomakehurst, @oleg-nenashev
3.0.2
π Bug fixes
- fix: avoid crash when printing help in wiremock-standalone (#2351) @tomasbjerre
π» Maintenance
π¦ Dependency updates
- Bump org.eclipse.jetty:jetty-bom from 11.0.15 to 11.0.16 (#2346) @dependabot
- Bump org.slf4j:log4j-over-slf4j from 2.0.7 to 2.0.9 (#2353) @dependabot
- Bump org.sonarqube from 4.3.0.3225 to 4.3.1.3277 (#2352) @dependabot
3.0.1
π Bug fixes
- Stop returning 500s for unmatched path patterns (#2339) @Mahoney
- Ensure that the shadow JAR is always built last to ensure webhooks fat JAR wins (#2344) @tomakehurst
- Added validation of UUIDs in path parameters in the admin API so that clearer errors are reported when non UUIDs are provided or item isn't found rather than throwing a 500 error (#2347) @tomakehurst
- Respect StopAction in V1 Filter (#2335) @Mahoney
Thanks to the regression reporters: @defnngj , @oleg-nenashev , @Mahoney
WireMock 3.0.0
A new major release that introduces a lot of new features, enhancements and also some breaking changes. The key changes include support for Java 17, dropping Java 8 support, new matchers and dynamic response macros, new API endpoints, etc. Weβve made a small number of breaking changes to the Java API plus some behavioural changes, but the JSON (REST and file) API remains fully compatible with 2.x.
NOTE: A blog post with the user-friendly summary and migration guidelines is coming soon!
Thanks to all contributors! The changelog below represents key changes between 2.35.0 and 3.0.0. The full list of changes is available below in the collapsed section.
WARNING: There are known issues in the WireMock 3.0.0 release. Please be careful when updating, and see the Errata below
Upgrade guide
This guide assumes you would be upgrading from WireMock 2.35.0 to 3.1.0
Show steps
- If you arenβt using WireMock 2.35.0, upgrade to this version first
- If you use WireMock Standalone, backup your configurations, logs and other information you might need in the future, just in case the - upgrade goes wrong
- If you use the WireMock Webhooks Extension, delete the dependency on it and the downloads. Now the extension is a part of the WireMock core
- If you use any WireMock extensions, private source or open source ones, ensure they are compatible with WireMock 3 by checking this GitHub Issue, documentation and the integration tests. If you discover any incompatible extension, please raise a bug in [wiremock/wiremock/issues (https://github.com/wiremock/wiremock/issues) or comment in wiremock/wiremock #2323, We will triage and route it accordingly
- If you use Java 8 on the instance, update to Java 11 or Java 17
- Update WireMock to the most recent release of WireMock 3
π New features and improvements
- Matching and response templating:
- JSON matching via
matchesJsonSchema()
@kapishmalik - Form parameter matching support (#2157) @kapishmalik
not()
matcher that inverts other matchers (#2006) @SatyamAK- Support for multi-stub mapping files to the remote loader function (#2198) @DjerohN
- Support for Java time when serialising to/from JSON (#2130 ) @mark-henry
- Support for matching multi-valued headers and query parameters with
includes
andhasExactly
(#2110) @kapishmalik - Matching URLs by path template @tomakehurst
- Matching path variables in the same manner as query, headers, etc. @tomakehurst
- Support for addressing path variables by name in response templates @tomakehurst
Proxy mode:
- Add support for recording via an existing proxy configuration and not having to set the target URI (5637a00) @tomakehurst
- Make proxy timeout configurable (#2058) @lpradel
- Add support for disabling proxy pass-through (#2087) @kapishmalik
API and Extensibility:
- #1512 - Extensions API v2 - Documentation (#2238) @tomakehurst
- New extension points:
RequestFilterV2
,TemplateHelperProviderExtension
,TemplateModelDataProviderExtension
,ResponseDefinitionTransformerV2
,ResponseTransformerV2
,ServeEventListener
- New extension points:
- Add Beta API for externalized state storage (#2144) @tomakehurst
- Add
patch()
Method with URL in WireMock REST API client (#2261) @Joel-Schaltenbrand - Add convenient method for matching absence of query and form params in a request (#2192, #2193) @G-Basak
- Add a
beforeResponseSent()
serve event listener hook (#2295) @tomakehurst - Add a WireMock#requestedFor() method allowing to pass Http method as parameter (#2175) @ytvnr
- Add annotations for Beta and Internal APIs (#2332) @oleg-nenashev
- Allow configuring webhook to forbid target endpoints (#2307) @Mahoney
- Add
WiremockNetworkTrafficListeners
as unified factory for creating arbitrary notifying traffic listeners.(#2283) @gsmith85 - Add support for customising the filenames produced when stubs are saved or recorded via Handlebars at startup @craftsman228
- Add request IP to template model (#2103) @bmarwell
- Allow fixing class loader in
ClasspathFileSource
(#2054) @derari
Operations:
- #1913 - Support for sub-events associated with a ServeEvent - Documentation (#2238) @tomakehurst
- Add healthcheck endpoint to WireMock Standalone (#2303) @Purely-Jonas @ikalu
- Add support for custom encoding in
ConsoleNotifyingWiremockNetworkTrafficListener
(#2139) @gsmith85 - Performance: Change
Queue
on toDeque
inInMemoryRequestJournalStore
(#2299) @pks-1981 - Improve rendering performance for large response templates (#2211) @Mahoney
- Improve error message in
AbstractFileSource#assertFilePathIsUnderRoot()
(#2267) @oleg-nenashev - New ASCII art on standalone startup (166c3b3) @tomakehurst
π₯ Known Issues / Errata
- FIXED in 3.1.0 - WireMock Webhook Extension 3.0.0 JAR is broken #2342. Also, the 2.35.0 build of the extension is not compatible with WireMock 3.0.0 as reported in #2341. This extension cannot be reliably used until a new patch is released
- Some other WireMock 2 exceptions are not compatible with WireMock 3 and need an update. See the WireMock 3 extension compatibility notes in #2323
- FIXED in 3.0.1 -
StopAction
in the old V1 Filter extension implementation was not working as expected - fixed by @Mahoney in #2335 - FIXED in 3.0.2 - Help printing fails in WireMock standalone - fixed by @tomasbjerre in 3.0.2 #2351
This list will be expanded when we find new issues
π₯ Breaking changes
- Java 8 is no longer supported, WireMock will NOT work on this version anymore
- Upgrade from Jetty 9 to Jetty 11 (Changelog) @tomakehurst
- Change the Maven repository groupID to org.wiremock for all artifacts built from this repository: wiremock, wiremock-standalone, wiremock-webhooks-extension @tomakehurst
- Change Artifact IDs of
wiremock-jre8
andwiremock-jre8-standalone
towiremock
andwiremock-standalone
@tomakehurst - Change the standalone CLI entrypoint from
com.github.tomakehurst.wiremock.standalone.WireMockServerRunner
towiremock.Run
(166c3b3) @tomakehurst - Starting from WireMock 3.1.0, the Webhooks extension is included into the main distribution, and hence enabled by default. Users should remove dependency on the extension when upgrading to this version
- Almost all Guava usages in public binary APIs were replaced by Java 11 equivalents. The rest will be removed in the WireMock 4 release in the future. Credits to @timtebeek, @pks-1981, @tomasbjerre
- Remove deprecated API routes (note: weβve preserved the ones necessary for the 2.x client to continue to work with the 3.x server) (47d420) @tomakehurst
- Change order of handling scenarios with transformed stubs (#2140) @gsmith85
- Switch the
com.github.tomakehurst.wiremock.common.Timing
return values toInteger
and allownull
when data isn't ready (#2275) @emilianoalvarez91 - Response templating is enabled in local mode by default when starting programmatically. It is now entirely configured via startup options and customised via the extension interface so
ResponseTemplateTransformer
should no longer be constructed directly. 2.x code constructingResponseTemplateTransformer
will no longer compile so should be removed or migrated to the 3.x style - See #2349 for detail
Please note the the legacy recorder has now been deprecated (7b8a7d. It will removed in WireMock 4 @tomakehurst
Please also note that some APIs remain in the Beta state, and there might be some breaking changes within major releases. We will be adding more annotations in the next release to make it explicit.
π Bug fixes
- Shadow additional packages in wiremock-standalone (#2327) @jluehe
- Prevent slf4j being shaded into the webhooks JAR @tomakehurst
- Correctly handle scenarios with transformed stubs (#2140) @gsmith85
- Fix flood JSON string can not be null or empty from mapping matcher (#2247) @emilianoalvarez91
- Fix admin request crashing when timing responseSendTime is null (#2275) @emilianoalvarez91
- Fix ParseJsonHelper not storing parsed result in variable (if any) when json is empty (#2277) @G-Basak
- Fix
@WireMockTest
not working with@DisabledInNativeImage
(#2219) @DarkAtra - Prevent exception being thrown when a stub using matchesJsonSchema is present and the request body is empty (#2223) @Mahoney
- Fix mis-detection of browser proxy requests over HTTPs (e21394e) @tomakehurst
- Fix broken
hashCode()
in HTTP body (#2116) @ullenius - Add missing
equals()
andhashCodeI()
methods to matcher classes @jnt0r - Fix bug when running declarative + programmatic JUnit5 extension (#2123) @parawanderer
- Respect keystore type when loading keystores (#2003) @kaarefc
- Fix
NullPointerException
thrown when rendering a diff report for a path template matched stub @Mahoney - Fix a bug where disabling browser proxy pass-through also disabled proxy stubs @Mahoney
- Prevent
NullPointerException
when a multipart could not be parsed (#2035) @sickmartian - Fix clock skew pr...