changelog.md

Change Log

This file contains all the notable changes done to the Ballerina HTTP package through the releases.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

• Add anydata support for setPayload methods in the request and response objects
• Improve @http:Query annotation to overwrite the query parameter name in client
• Improve @http:Query annotation to overwrite the query parameter name in service
• Add header name mapping support in record fields
• Introduce util functions to convert query and header record with the http:Query and the http:Header annotations

Fixed

• Address CVE-2024-7254 vulnerability
• Fix duplicating Content-Type header via the addHeader method

[2.12.0] - 2024-08-20

Added

• Add support for Server-Sent Events
• Introduce default status code response record
• Add connection eviction feature to handle connections that receive GO_AWAY from the client
• Enhance the configurability of Ballerina access logging by introducing multiple configuration options.
• Introduce HTTP service contract object type

Fixed

• Fix number format exception with decimal values for cache configuration
• Fix cookie path resolution logic

[2.11.2] - 2024-06-14

Added

• Generate and host SwaggerUI for the generated OpenAPI specification as a built-in resource

Fixed

• Remove the resource level annotation restrictions

[2.11.1] - 2024-05-29

Fixed

• Fix caching behaviour with client execute method

[2.11.0] - 2024-05-03

Added

• Add status code response binding support for the HTTP client
• Add response binding support for types union with http:Response
• Supporting X25519Kyber768 key encapsulation for TLS 1.3

Fixed

• Address CVE-2024-29025 netty's vulnerability
• Fix interceptor pipeline getting exited when there is a nil return
• Fix response binding error for anydata type

[2.10.12] - 2024-03-21

Fixed

• Fix the inconsistency in overwriting identical cookies

[2.10.11] - 2024-03-13

Changed

• Update Host header only when a value is intentionally provided

[2.10.8] - 2024-03-05

Added

• Make the Host header overridable

[2.10.7] - 2024-02-14

Fixed

• Fix connection getting closed by stale eviction task after it has been closed by the server

[2.10.6] - 2024-02-01

Added

• Expose HTTP connection eviction configurations in the client level
• Handle GO_AWAY received HTTP/2 clients gracefully

Fixed

• Remove unused import from Http2StateUtil
• Fix client getting hanged when server closes connection in the ALPN handshake
• Fix client getting hanged when multiple requests are sent which exceed maxHeaderSize
• Fix inconsistencies with error logging

[2.10.5] - 2023-12-06

Fixed

• Fix IndexOutOfBoundsException when decoding jwt header
• Fix HTTP/2 upgrade client hanging when server closes the connection abruptly

[2.10.4] - 2023-11-17

Fixed

• Fix URL encoded form data binding with encoded & and = characters
• Fix client not honouring server-initiated connection closures

Changed

• Make some of the Java classes proper utility classes

[2.10.3] - 2023-10-13

Fixed

• Address CVE-2023-4586 netty Vulnerability

[2.10.2] - 2023-10-09

Fixed

• Fix HTTP2 mTLS issue when certs and keys are provided

[2.10.1] - 2023-09-27

Fixed

• Fix resilient client failure in passthrough scenarios

[2.10.0] - 2023-09-15

Fixed

• Fix exception when return type of createInterceptors function is an array type
• Expose HTTP/2 pseudo headers as request headers
• Address CVE-2023-33201 bouncy castle Vulnerability

Added

• Add open record support for query parameters

Changed

• Remove interceptor configuration from http:ListenerConfiguration and http:ServiceConfig

[2.9.0] - 2023-06-30

Added

• Add query,header and path parameter runtime support for Ballerina builtin types

Fixed

• Fix parsing query parameters fail when curly braces are provided
• Address CVE-2023-34462 netty Vulnerability

Changed

• Deprecate listener level interceptors
• Improved default error format and message
• Move status code errors to httpscerr module

[2.8.0] - 2023-06-01

Added

• Add constraint validation for path, query and header parameters
• Expose http:Request in the response interceptor path
• Allow configuring an interceptor pipeline with a single interceptor
• Add runtime support for type referenced type in path parameters
• Add finite type support for query, header and path parameters
• Support for service level interceptors using http:InterceptableService
• Allow changing initial window size value for client and the server

Changed

• Replace the regex module usages with the lang.regexp library

[2.7.0] - 2023-04-10

Fixed

• Fix server push not working with nghttp2 HTTP/2 client
• Fix the issue - Errors occur at the SSL Connection creation are hidden
• Fix integrate JWT information into http:RequestContext
• Fix header binding failed with 500 for header record param
• TypeReference kind return types gives compile time error in resource functions
• HTTP compiler plugin validation for return-types not working properly for record types
• HTTP compiler does not report error for returning record with object
• HTTP compiler does not report error for invalid path param
• Returning 500 when the upstream server is unavailable
• Encoded url path with special characters is not working as expected
• Make panic behavior consistent with interceptor and non-interceptor services
• Fix H2 client connection brake when ALPN resolved to H2

Added

• Make @http:Payload annotation optional for post, put and patch
• Introduce new HTTP status code error structure
• Support for allowing tuple type in the resource return type
• Rewrite compiler plugin to resolve inconsistencies
• Add basic path parameter support for client resource methods

[2.6.0] - 2023-02-20

Fixed

• Fix unnecessary warnings in native-image build
• Fix union types getting restricted by compiler plugin
• Fix data binding doesn't work for application/x-www-form-urlencoded
• Multipart boundary is disturbed by the Content-type param value with Double quotes

Added

• Add http/1.1 as the ALPN extension when communicating over HTTP/1.1
• Added support for enum query params
• Introduce getWithType() method on request context objects
• Introduce hasKey() and keys() methods on request context objects

[2.5.2] - 2022-12-22

Fixed

• Application killed due to a panic has the exit code 0
• Binary payload retrieved from the http:Request has different content-length than the original payload
• Address CVE-2022-41915 netty Vulnerability

[2.5.1] - 2022-12-01

Fixed

• Fix HTTP client creating more than one TCP connection
• Fix issues with HTTP/2 listener stop

[2.5.0] - 2022-11-29

Added

• Kill the application when a resource function panics
• Add a grace period for graceful stop of the listener
• Add missing HTTP status codes
• Make socket configuration configurable in both ListenerConfig and Client config
• Populate HATEOAS link's types field based on the resource return type
• Add defaultable param support for query parameter

Changed

• Reduce Listener default timeout to 60s and Client default timeout to 30s
• API Docs Updated
• Improve data binding mime type match
• Mark client resource methods as isolated

Fixed

• Fix dispatching logic issue due to double slash in basePath
• Fix stacklessConnectionClosed exception while calling backend with well known certs
• Compilation failure when creating HTTP service
• NPE when a request is sent to a non-existent path while Prometheus Metrics are enabled
• H2 client request hangs when ALPN resolved to H1

[2.4.0] - 2022-09-08

Added

• Implement immediateStop in HTTP listener
• Add initial support for HATEOAS
• Add IP address to both local and remote addresses
• Add proxy support for HTTP2 client
• Make http2 the default transport in http
• Add support for client resource methods in HTTP client
• Add constraint validation to HTTP payload binding

Changed

• Update default response status as HTTP 201 for POST resources

Fixed

• User-Agent header is set to a default value or empty in http post request

[2.3.0] - 2022-05-30

Added

• Introduce response and response error interceptors
• Allow records to be annotated with @http:Header
• Add basic type support for header params in addition to string, string[]
• Allow HTTP caller to respond error
• Allow HTTP caller to respond StatusCodeResponse
• Introduce DefaultErrorInterceptor
• Support anydata in service data binding
• Support anydata in client data binding
• Add union type support service data binding
• Add union type support client data binding
• Add common constants for HTTP status-code responses
• Add code-actions to generate interceptor method template
• Add OpenAPI definition field in @http:ServiceConfig
• Introduce new HTTP error types

Changed

• Append the scheme of the HTTP client URL based on the client configurations
• Refactor auth-desugar respond with DefaultErrorInterceptor
• Hide subtypes of http:Client

Fixed

• Validate record field types for resource input params

[2.2.1] - 2022-03-02

Added

• Add code-actions to generate payload and header parameter templates
• Add code-actions to add content-type and cache configuration for response
• Allow readonly intersection type for resource signature params and return type

[2.2.0] - 2022-02-01

Added

• Implement Typed headers for HTTP response
• Add map data binding support for application/www-x-form-urlencoded
• Add compiler validation for payload annotation usage
• Add support to provide inline request/response body with x-form-urlencoded content

[2.1.0] - 2021-12-14

Added

• Introduce interceptors at service level

Fixed

• Fix parseHeader() to support multiple header values
• Fix HTTP caching failure when using the last-modified header as the validator
• Fix HTTP caching failure after the initial Max Age expiry
• Mark HTTP Caller as Isolated

Changed

• Rename RequestContext add function to set
• Only allow default path in interceptors engaged at listener level
• Provide a better way to send with application/x-www-form-urlencoded

[2.0.1] - 2021-11-20

Added

• Introduce request and request error interceptors

Fixed

• Rename Link header name to link
• Relax the data-binding restriction for no content status codes
• Fix unused variable warning in the package
• Fix initiating auth handlers per each request

Changed

• Remove the logs printed from the listeners
• Change the runtime execution based on the isolation status
• Mark HTTP Service type as distinct
• Change the Listener.getConfig() API to return InferredListenerConfiguration

[2.0.0] - 2021-10-10

Added

• Enable HTTP trace and access log support
• Add HATEOS link support
• Introduce http:CacheConfig annotation to the resource signature
• Add service specific media-type prefix support in http:ServiceConfig annotation
• Add support for Map Json as query parameter
• Add OAuth2 JWT bearer grant type support
• Add authorization with JWTs with multiple scopes
• Add support to overwrite the scopes config by resource annotation
• Introduce introspection resource method to get generated OpenAPI document of the service
• Introduce service config treatNilableAsOptional for query and header params
• Add support to URL with empty scheme in http:Client

Fixed

• Fix incorrect behaviour of client with mtls
• Fix multiple clients created for same route not using respective config
• Fix not applying of resource auth annotations for some resources
• Fix SSL test failure due to remote address being null
• Return error when trying to access the payload after responding
• Fix incorrect compiler error positions for resource
• Fix performance issue with observability metrics for unique URLs
• Fix support for parameter token with escape characters

[1.1.0-beta.2] - 2021-07-07

Fixed

• Fix the limitation of not supporting different API resources with same end URL Template
• Fix dispatching failure when same path param identifiers exist in a different order
• Respond with 500 response when nil is returned in the presence of the http:Caller as a resource argument
• Fix HTTP 'Content-Type' header value overriding while setting the payload for request and response
• Http compiler-plugin should validate header value type
• Allow only the error? as return type when http:Caller is present as resource function arg
• Fix missing error of invalid inbound request parameter for forward() method
• Fix HTTP Circuit Breaker failure when status codes are not provided in the configuration
• Fix HTTP FailOver client failure when status codes are overridden by an empty array
• Fix already built incompatible payload thrown error
• Optional Types Not Supported in HTTP Client Request Operation Target Type

Changed

• Rename http:ListenerLdapUserStoreBasicAuthProvider as http:ListenerLdapUserStoreBasicAuthHandler

[1.1.0-beta.1] - 2021-05-06

Added

• Add contextually expected type inference support for client remote methods

Changed

• Change configuration parameters of listeners and clients to included record parameters
• Update Netty transport framework version to 4.1.63-Final
• Mark the HTTP client classes as isolated

[1.1.0-alpha8] - 2021-04-22

Added

• Implement compiler plugin to validate HTTP service

[1.1.0-alpha6] - 2021-04-02

Added

• Add enrich header APIs for auth client handlers

Changed

• Remove usages of checkpanic for type narrowing
• Update Stream return type with nil
• Update unused variables with inferred type including error
• Revert "Remove codecov.yml File"