This list is not currently intended to be all-encompassing - it will document major and breaking API changes with their rationale when appropriate:
- Deprecate String.toBody()
- Fix checkbox behaviour in webdriver
- Use Jetty latest release version (rather than RC one)
- Fix #189 - Uri toString now omits leading slash if the authority of a Uri is blank. This could be a potential break, but is actually more consistent as a Uri can currently be relative or absolute.
- Extend
SetBaseUriFromto support query parameters
- Added
SetBaseUriFromfilter
- (Possible breaking change):
Jsonis now only generified by a single type parameter instead of 2. For most usages, this type would have been identical anyway, but the upgrade of Argo has finally allowed the removal of this dead generic. Simply replaceJson<Node, Node>withJson<Node>. - Added Offset datetime types to all JSON auto-marshalling libraries
- Build logic for versioning is now in Kotlin. H/T @jmfayard for the PR
- Upgrade Kotlin, and various other dependencies
- Fix
withChaosControlsURL pattern so that it matches sub-routes ok on original handler
- Added
BearerAuthandBasicAuthimplementations which populateRequestContexts. Plus cookbook example :)
- Fix #177 - Make RequestContexts thread-safe.
- Upgrades to
http4k-testing-webdriver. H/T @dickon for the PRs - Added
ProxyHostrequest filter which is useful for writing proxy-type apps.
- Fix #168 - Fix rest of hamkrest matchers caused by generics mishap.
- Upgrade HTTP client dependency versions.
- Added
http4k-testing-chaosmodule, designed to enhance failure-mode testing for http4k apps. Massive H/T to @IgorPerikov for the PR which drove this module's creation. - Added
http4k-incubatormodule, for hosting developing projects and other code which might be promoted to top-level modules in the future.
- Fix #167 - Reintroduce
hasBodycompatibility with common matchers such ascontainsString() - Remove deprecations.
- Fix #165 - AWS auth filter does not replace headers - it sets them (which breaks for request signing)
- Fix #164 - Webdriver internal state breaks when navigating to a full URL
- Fix #162 -
SetHostFromdoesn't set 'Host' header correctly (missing port). H/T @elifarley
- Added some regex matchers to
http4k-testing-hamkrest. - Added
BearerAuthauthentication Server and Client Filters - these work similarly toBasicAuth. - Added option for
defaulted()lenses to fall back to another supplied lens in the case of missing value. Thanks to @dmcg for the inspiration. :)
- Fix #160 -
JavaHttpClientdoes not copy body stream correctly onto URL connection.
- Fix #159 - Contracts should not have Security applied to the description route by default.
- Fix #158 - Static and contract routes filters are applied in the wrong order.
- Add default SamplingDecision param to ZipkinTraces - defaults to always sample.
- Fix #150 - StaticRoutingHandler filters being called twice.
- Fix #151 - POTENTIAL BREAK: Rework of Status objects to fix equality against the Status constant
valswhen a description has been overridden. This involves the following potential breaking change: The Status class is no longer a data class to tighten up encapsulation - user calls to copy() will have to be replaced.
- Raise SO_BACKLOG in Apache and Netty server implementations.
- Add PERMANENT_REDIRECT and UNPROCESSABLE_ENTITY Status object.
- No change from 3.33.0. Previous version couldn't be made available to maven central.
- Add convenient way to extract from as a Map from http message. H/T to @dmcg (this version is available in jcenter only)
- Fix #142 - Pebble templates don't load from JAR files.
- Add support for propagation of the Zipkin x-b3-sampled header
- Changes to the Netty factory to enable running http4k on GraalVM. H/T @RichyHBM
- Allow all server implementations to start on port 0 (ie. find a free port) and then report it back as a part of the
Http4kServerinterface
- Make HTTP clients resilient to unknown host and connectionrefused exceptions
- Implememted #134 - Added default (de)serialization for common JDK primitives to all Auto-marshalling JSON modules - eg. datetimes and UUIDs
- Fix #131 - Uri's created with paths that don't contain leading slashes.
- Added etag parser filter. H/T @dgliosca for the PR
- Fix #132 - Ensured that
disableDefaultTypingis called in default Jackson implementation. This should be the default anyway, but has been added to ensure that we don't fall foul of CVE-2017-7525 and to surface awareness of this issue.
- OpenAPI now provides example values in the generated schema. H/T @skewwhiffy for the PR.
- Fix #126 - ResourceLoadingHandler can expose mapped resources into the root. <-- We think this is an important update, so please upgrade!
- Fix #125 - ApacheServer implementation now sets content length if present.
- Fix #123 - Multipart Body objects blow up when parsed after being debugged. As with all streams, care should be taken to not blow heap when internalising them for debugging purposes.
- Debugging filter now supports ignoring Multipart streams.
- Tweak: OpenAPI now doesn't return null values in the schema.
- Fix #124 - headers in WebSocket upgrade request are incorrectly joined.
- Removed
supportedContentTypesfield from OpenApi contract JSON, since this is a legacy field.
- Added option to Undertow to enable HTTP2 from main ServerConfig
- Upgrade various dependencies for Java 10 compatibility. H/T @tom
- Fix bug with repeated params in Websocket upgrade request. H/T @tom
- Composite LensFailures now capture (at least) the first failing cause (probably the body parameter in the case of an
http4k-contractmodule.
- Fix #116 - Can provide a custom Response creation method for
CatchLensFailure. H/T @elifarley for the inspiration!
- Added singleton method for Json.array, since if you pass in a single JsonNode (Jackson), it accidentally iterates over the fields in the node instead of using the object as an entry in the array.
- Fix #115 - Only add content-length for methods that allow content in AwsAuth filter
- Preserve routing information on request/response manipulation
http4k-security-oauthmodule added - with support for OAuth2 Authorization Grant flow- Replaced classes reliant on
javax.activationpackage, which allows Java 9+ to not require any external dependencies. \o/ - Fix #112 -
ApacheClientincorrectly sets headers on GET requests (this breaks F5 load balancers). H/T @simojenki - PR #110 - Websocket client timeouts are incorrectly translated as seconds instead of millis. HT @anorth
- Core
JavaHttpClientdoes not support streaming due to limitations withHttpURLConnection
- Fix #109 - Jackson treats integer values inconsistently, leading to matching errors when using hamkrest.
- Fix #107 - Killed the x-uri-template header and fixed the ReportHttpTransaction to have access to the
routingGroup. - Altered ordering of filters in
http4k-contractso that the route is identified before pre-filters and security are applied. This allows knowledge of the path to be accessible at the time of application of those filters.
- Introduce JavaHttpClient to
http4k-core. It provides a very basic http client without any other 3rd party dependencies.
- PR #104 - Add optional time/date formatters to LensSpecs so you can choose you serialisation format. H/T @elifarley
- Fix #105 - Swagger API json file: duplicate key in "definitions".
- Fixed PR #100 - URI template regex required extra escaping. This only affects Android deployments as IDE shows the regex escaping is redundant. H/T @privatwolke
- Breaking: converted contract pre-security filter to be a post-security filter. This means that all standard filters are applied before the security later, which allows for logging and monitoring and context setup. The previous filter mechanic applied security first, which didn't allow for this. In the unlikely event that post-security filters still need to be applied, use the
withPostSecurityFilter()function when building the contract. - Docs for contract RouteMeta function parameters, and deprecated some unused functions (missed when we introduced the DSL).
- PR #99 - Contract routes now support up to 10 path segments. Thanks to @scap1784 for the PR! :)
- Fix #97. Moshi does not fail when deserialise non-nullable fields correctly. Note that GSON still suffers from this problem
- Added a pre-security filter option to contract creation, so that you can explicitly specify behaviour to occur before security kicks in.
- Convert
Security(from sealed class) andApiKeyto be interfaces. This allows users to implement their own security models.
- Introduce
HttpTransactionand newReportHttpTransactionfilter provide better generic API for reporting, along with the ability to label transactions for this purpose. - Breaking: Rework the metrics request counter and timer Filter API. There is now a
HttpTransactionLabellerfor you to add as many labels as required to the transaction. Each of these labels will be used to tag the metric.
- Fix #95 - Filters are now applied to "route not found" responses
- Fix #93 - Apache server doesn't like content-length or transfer-encoding headers present in http4k response.
- Add ability to "name" input and output contract body definitions in an OpenAPI JSON doc. This applies to only the top level entity. If no override is passed, the objects are named according to their hashcode.
- Fix #92 - cookie date should always use US locale
- Further tweak to Netty. H/T @FredDeschenes
- Fix #91 - large message handli ng in Netty
- Upgrade to Kotlin 1.2.20
- Support for
operationIdin OpenApi route metadata. H/T @danschultz for the PR. - Removed previously deprecated methods.
- New client module
http4k-client-jetty, which supports both sync and async models.
- Fix #84. OPTIONS requests are not detected by contract routes.
- Added option to NOT authorise OPTIONS requests in ApiKey security filter.
- Added support for Async HTTP clients and added new
AsyncHttpClientinterface, which is obviously used for HTTP clients only**, and not server-side calls. :) - New client module
http4k-client-apache-async. - New metrics gathering module
http4k-metrics-micrometer. Big H/T to @kirderf for the PR. - Added support for async to
OkHttpclient module.
- P/R 81 - adding headers and timeout to websocket client.
- Added compactify and prettify to Json implementations
- Added
Json.hasBodyHamkrest matchers for comparing bodies. Note these are extension methods and need to be referenced/imported as such.
- Added facility for non-blocking websocket client to react to onConnect event. This API is the same as the inbound, server-side API - ie. there are no explicit connection event handlers. H/T @tom for the idea.
- P/R #13 Create extension methods for Response to add caching headers. H/T @k0zakinio.
- Fix #78. Serialisation of raw lists using Moshi fails in the same way as the Jackson auto-conversions do. Added convenience methods to get around this.
- Added
http4k-format-moshito support the Square auto-marshalling library.
- Fix #76 - encoding of path segments to use URI encoding instead of URL form encoding.
- Added support for multiple HotReload template directories in
HandlebarsTemplates. H/T @TomShacham - Fix #74 - Request tracing span/parentSpan set too early so was shared between outgoing requests.
- New server backend
http4k-server-apache. H/T @kirderf for the PR :) - We now set the length of the incoming request body when it is available in the incoming request.
- Handlebars now uses combination of Class and Template name to cache templates.
- Facility to compose
TemplateRendererswiththen()to provide fallback behaviour.
- PR #70: Header order equality for Request/Response - H/T @gypsydave5.
- Switched out
StatusforWsStatus(with proper RFC code set) in Websockets.
- Typesafe Websockets! Jetty now supports websockets, using the same style of API in the main http4k routing.
- (Possible) Breaking change: Because
WsHandler(typealias) implements the same inbound interface asHttpHandler, you now cannot declareHttpHandlerswithout specifying the input type, so any "anonymous" handlers will not compile as a result. The required fix is very simple, but manual: `{ Response(OK) } should become { _:Request -> Response(OK) }
- Fix Request.form() for streaming requests
- Remove possibility of empty message for Path Lens failure.
- New (better!) API for
http4k-contractmodule. Old meta DSL has been deprecated.
- Fix #63 - Apache Client Connect. timeout exception handling.
- Added
http4k-serverless-lambdamodule, allowing http4k applications to be deployed into AWS Lambda and then called from API Gateway. Effectively, the combination of these two services become just another Server back-end supported by the library. \o/
RequestContextKeynow follow the standardised Lens structure of required, optional, defaulted, and can now be removed (set to null). Replace calls toRequestContextKey.of()withRequestContextKey.required()- Removed previously deprecated values. See below for details on replacements.
- Added
http4k-resilience4jmodule, which adds Circuits, RateLimiters, Retrying and Bulkheading. - Fix #60 (H/T @michaelhixson for the spot).
- Added a couple of useful
ServerFilters. - Upgrade various dependency versions.
- Tidying of Multipart code.
- Fix #57. Static handlers behave oddly when combined with an HTTP verb in the routing tree.
- Fix #56. Altered behaviour of
CatchLensFailureto NOT catch errors from unmarshalling Response objects. This was causing BAD_REQUEST to be incorrectly generated. - Simplification of generics around LensSpecs. This should not be a breaking change, (there were 3 generics, now the MID has been removed so there are just 2) but could break if signatures are used explicitly.
- Reordered generics in LensInjector to make sense. This should have no effect on most code-bases, but could break if signatures are used explicitly. Just flip the generic types to switch.
- Added support for unsigned AWS requests, which enables streaming content to S3.
- Added
BodyMode.Requestto configure streaming for clients. ResponseBodyModeis nowBodyMode.Response(Breaking change. Fixable with simple find/replace).
- Added
ServerFilter.ProcessFilesfilter to stream Multipart Files, convert them into references and replace inline in the Form.
- Avoid realising StreamBody unless necessary, which could break common usages of streaming.
- Tweaks to Server backends to improve efficiency.
- Webdriver will keep only the final URI after redirects.
- Increased granularity of
Replay.DiskStreamand ensure that traffic is returned in exact order on all OSes. - Add support for redirects to Webdriver.
- Multipart module tweaked to provide a more consistent API.
- Fix FollowRedirects for POST/PUT request.
- Multipart form support through new module
http4k-multipart. - Deprecation: Replaced
SwaggerwithOpenApiand deprecated the former (via typealias). - Deprecation: Replaced
FormValidatorwithValidatorand deprecated the former (via typealias).
- Refactor release.
- Fix #50 - Webdriver does not normalise relative links correctly.
- Http client modules now catch and convert Socket Timeout exceptions to HTTP 504s (with a custom message)
- Tweaks to how recorded traffic is stored on disk. Thanks to @dkandalov for the PR around this.
- Added
TrafficFiltersfor recording and replaying HTTP traffic. Seeorg.http4k.trafficpackage for details.
- Added
http4k-template-dustfor Dust template engine support. Thanks to @npryce for the PR to add this.
- Fix #44 - Use quotes around cookie values
- Raise proper Exception (instead of LensFailure) when RequestContexts are not set up correctly, so we don't accidentally classify developer errors as BadRequests
- Added facility to assign values into a
RequestContextwhich is passed down the Filter chain.
- Fix #44 - Request cookies should not be wrapped in quotes.
- Fix #43 - AWS does not sign binary requests correctly.
- Fix #41 - Sending binary body alters the size of the payload.
- Added "catch all" routing option, which matches all methods to a handler.
- Fix #40 - GZip filters now use content-encoding headers instead of transfer-encoding.
- Fix #39 - ResponseBodyMode.Memory properly closes streams (breaks jetty + gzip).
- Ensure that streams are closed properly when consuming from an upstream client.
- Remove Apache client request streaming because it may not release connections properly.
- Add streaming support to HTTP Server and Client modules.
- Remove CatchLensFailure ClientFilter as it will never be used.
- Added CatchLensFailure for ClientFilters - which catches un-deserializable invalid responses from clients and generates a BAD_GATEWAY error.
- Switch XML generation to Gson over Jackson because Jackson doesn't handle uppercase field names well.
- Switch native XML parsed type to Document over Node.
- New algorithm for XML data class deserialisation, so un-deprecated XML methods.
- Deprecated methods in XML support due to limitation with underlying Jackson implementation.
- Fixed bug with GenerateXmlDataClasses filter
- Renamed
http4k-format-jackson-xmlmodule tohttp4k-format-xml. - Improved XML unmarshalling support.
- Fixed 36: Form entry is too strict with content encoding.
- Added
http4k-format-jackson-xmlmodule, with XML parsing support. - Upgrade several dependencies
- Fixed Hamkrest matchers to be on HttpMessage and not Http Request.
- Default body Content Negotiation strategy changed to None
- Converted Content-Negotiation strategy from an Enum to an interface, so that users can define their own strategies. We also now check encoding so there are 4-built in strategies to choose from: Strict, StrictNoDirective, NonStrict and None.
- Fixed #31 - Matching of segments in URIs is done after URLs are decoded, which results in not capturing encoded slashes in the path segments.
- Fixed #30 - CachingClasspath template ResourceLoader not working with non-root packages.
- Fixed #29 - webdriver submission of text area.
- Http clients now use a new instance of the default for each instantiation. Previously there was a shared instance.
- Add regex body type for parsing values out of bodies, and "None" option for content negotiation.
- Fix AWS request signing for requests containing empty path
- Fix AWS request signing for requests containing path with special characters
- Added support for newRequest() in new
RouteBindermechanic.
- Add support for unlimited nesting for
routes()blocks. Removed the rawRouteobject, which can be replaced withRouterorRoutingHttpHandlerwhere appropriate. - As part of above, rejigged route setup logic. Deprecated old routing structure, so now
"/path" to GET bindis"/path" bind GET to. To fix deprecation, simply switch the calls to "to" and "bind" in routing setup. - Rename of
bind()inhttp4k-contractto bebindContract()
- Added missing eclectic HTTP method. :)
- Added GZip filters to
http4k-coreto zip request and response bodies.
- Improved messages for
http4k-testing-hamkrestmatchers.
- Added
http4k-testing-hamkrestwhich contains a set of Hamkrest matchers for Http4k objects.
- More features for
http4k-testing-webdriver. Cookie support added.
- More features for
http4k-testing-webdriver. We now support Form entry and submission.
- More features for
http4k-testing-webdriver.
- Added
http4k-testing-webdrivermodule, an ultralight Selenium WebDriver for http4k apps
- Fix #26 - GenerateDataClasses does not recurse into nested object trees
- Fix filter application on GroupRoutingHttpHandler to apply the filter when it is applied with
then(RoutingHttpHandler()
- Fix static routes not defaulting to index.html when in root context
- Added
SunHttpserver implementation (for development use only)
- Fix cookie parsing when value contains '='
- Add method to set form values in the request
- Added PURGE HTTP method as it's used commonly by various caches.
- Repackage AWS classes for consistency with rest of project
- Alter AWS Auth filter creation. Now use
ClientFilters.AwsAuth
- Add AWS module
- Newly created Zipkin traces are now populated onto incoming request in ServerFilters.
- Slight tweak to GSON auto-marshalling to allow for use of raw Arrays with auto-marshalling
- Add
Thymeleaftemplating support
- Add
Pebbletemplating support
- Make Route a Router so we can nest them together.
- Remove excess "charset" from headers in Undertow.
- Rename
by()tobind()in routing for clarity.
- Fix for #24 - UriTemplate captures query parameters when the trailing path parameter is a regex.
- Added GSON full-auto functions to convert arbitary objects to/from JSON.
- Fix #23. Contract now supports multi-part URL params (for hardcoded parts)
- Fix #22. Uri template does not parse out correct path params when URL starts with a path part.
- toString() implementations to aid debugging
- Readded missing default parameter for
newRequest()on RouteSpec
- Breaking: Inversion of routing API.
GET to "/someUri"is now"/someUri" to GETfor consistency across the entire API.
- Reimplementation of
http4k-contractAPI to match main routing API. Contracts are now nestable.
- Fix Filters being applied twice in
ContractRoutingHttpHandler
- More work on
http4k-contractcontract API
- Rework
http4k-contractrouting to be mounted in the same way as otherRoutingHttpHandlers
- Filters are now applied consistently to all Routers
- Tweak to DSL for defining StaticRouters
- Fix for #18: FollowRedirect will now work if location header includes charset information.
- New DSL for defining StaticRouters
- Merged StaticContent and StaticRouter and repackage of contract API into other packages
- Extend fix for #17 to request
Cookieheader.
- Fix for #17. Cookie can now parse a cookie without attributes and ending in semicolon.
- Added nestable Routers.
- Merging of Modules and Routers.
Routeris the newModule!RouteModuleis nowContractRouter, so rename in code will be required.
- Fix for #15. OkHttp client handling of POSTs with no body.
- Can add custom mime types to Static Content
- GenerateDataClasses is capable of more complex object graphs
- Remove
HttpHandler.asServerin favour ofHttpHandler.startServerto avoid confusion. - Introduce
Status.description().
- Netty sets content-length header.
- Fix for #12. Undertow not constructing response correctly.
- New module with Undertow.io support
http4k-server-undertow - Jackson implementation now ignores unknown properties in incoming messages
- Netty implementation tidied up
- Fix for #11. Netty implementation returns incorrect status codes.
- Add synonym methods for Lenses to aid readability. We now have
invoke(IN)/extract(IN)and `invoke(IN, TARGET)/inject(IN, TARGET)
http4k-contracts: Add option to change the route of the module description route
http4k-contracts: Fix for contract module description routes not being authenticated via security filter
http4k-contracts: AddSwaggermodule rendering with JSON schema models for messages.
- Add
nonEmptyString()lens type to all request parts.
- General rework
- Further work on Path Lenses. They are now fully supported and consistent for both simple and contract routing scenarios.
- Path lenses are now bidirectional, so can be used to populate requests as well as bodies an headers etc.
- Routes can now create shell Requests for themselves, using
route.newRequest()
- Body is now non-nullable (use
Body.EMPTYinstead) - Rename methods
BodyLensAPI for consistency and clarity.required()is nowtoLens().to()' binding method is nowof().
- New client module:
http4k-client-okhttp
- Tidying
- Added option for Body content-negotiation to be strict or non-strict (the default). Always be strict in what you send, relaxed in what you will accept. :)
- Moved
Credentialstoorg.http4k.corepackage. - Add various filters, including
SetHostFromandCatchAll.
- Added
GenerateDataClassesso you can generate Kotlin data classes from JSON messages.
- Added CORs support
- Added auto() to Jackson, so you can auto convert body objects into and out of Requests/Responses
- Added CachingFilters
- Removed static factory methods for Request/Response. They were confusing/incomplete and users can easily recreate them via extension functions.
- Merge
org.http4k.core.Bodyandorg.http4k.lens.Body. - Add Request/Response message parsers.
- Turn Body into ByteBuffer wrapper rather than typealias. That should make .toString() behave as most people would expected.
- Removed non-mandatory parameters from Request and Response constructors. This is aid API clarity. and force users to use the API methods for properly constructing the objects.
- Regex Lens added.
- Initial major release.