Releases: akka/akka-http
v10.1.6
See the announcement, release notes and the 10.1.6 milestone for more information.
v10.0.14
10.0.14 is security patch release in the 10.0.x series of Akka HTTP.
It is mainly a mitigation for the DoS vulnerability when using decodeRequest
Migration Notes
To avoid excessive memory usage we introduced two new limits that apply per default:
akka.http.routing.decode-max-size
: This limit applies when you usedecodeRequest
to limit the amount of decompressed data. The default limit is 8 megabytes.akka.http.parsing.max-to-strict-bytes
: This limit applies when you useHttpEntity.toStrict
or thetoStrictEntity
directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.
Depending on your application requirements, you may want to change these settings.
Changes since 10.0.13
For a full overview you can also see the 10.0.14 milestone:
v10.1.5
10.1.5 is the sixth release in the 10.1.x series of Akka HTTP.
It is mainly a mitigation for the DoS vulnerability when using decodeRequest
Migration Notes
To avoid excessive memory usage we introduced two new limits that apply per default:
akka.http.routing.decode-max-size
: This limit applies when you usedecodeRequest
to limit the amount of decompressed data. The default limit is 8 megabytes.akka.http.parsing.max-to-strict-bytes
: This limit applies when you useHttpEntity.toStrict
or thetoStrictEntity
directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.
Depending on your application requirements, you may want to change these settings.
Changes since 10.1.4
For a full overview you can also see the 10.1.5 milestone:
- Restrict the maximum size of a request entity after uncompressing it with
decodeRequest
#2137 - Restrict the maximum size of a request entity when reading it into memory with
toStrict
#2186 - Correctly set a default
parallelism
value when none is specified for HTTP/2 #2165 - Avoid matching an empty pattern when using
PathMatcher.repeat
#2097 - Add
ServerSentEvent.heartbeat()
to the Java DSL #2187
v10.1.4
10.1.4 is the fifth release in the 10.1.x series of Akka HTTP.
Among many other things, this release includes a fix for handling early responses in the client, HTTP/2 improvements and many updates to the documentation.
Changes since 10.1.3
For a full overview you can also see the 10.1.4 milestone:
Fixes in akka-http-core
- Support for scheme ending in digit in Uri.from (#2080)
- Allow
MediaType
s inSet
s (#2144) - Allow creating an unencrypted HTTP/2 server from Java (#2110)
- Fix a bug in handling chunked responses in the new connection pool (#2138)
Improvements in akka-http-core
- Improved graceful shutdown behavior (#2090)
- More sensible default for bindAndHandleAsync parallelism setting with HTTP/2 (#2145)
Improvements in akka-http
- Allow java/scala conversion for Routes for users (#891)
- Commonize marshalling selection code (#2004)
Improvements in akka-http-testkit
- Allow configuring the marshalling timeout (#2127)
Improvements in docs
- Fix broken links at release notes (#2082)
- Fix links to RequestEntityExpectedRejection api documentation (#2094)
- Document GenericMarshallers.futureMarshaller (#2095)
- Clarify not all abrupt client go-aways are clean (#2101)
- Clarify documentation for PathDirectives (#2109)
- Updated outdated SecurityDirectives documentation (#1715)
- Link to the Play and Lagom websites (#2121)
- Improve source-streaming docs (#2131)
- Add warning banner when browsing old versions (#2135)
v10.1.3
10.1.3 is the fourth release in the 10.1.x series of Akka HTTP.
This release addresses a critical memory leak issue introduced by the graceful termination infrastructure added in 10.1.2.
No other risky changes are made in this release, in order to make it a trustworthy fix drop-in replacement of 10.1.2.
Changes since 10.1.2
For a full overview you can also see the https://github.com/akka/akka-http/milestone/41?closed=1:
Fixes in akka-http-core
- ServerTerminator memory leak in 10.1.2 (#2067)
- Avoid eagerly failing connections when request closes (#2066)
Fixes in docs
Improvements in docs
Credits
Thanks to all contributors to this release!
commits added removed
3 227 29 Konrad `ktoso` Malawski
3 25 11 herzrasen
1 38 0 Arnout Engelen
1 4 4 Josep Prat
1 1 1 Raymond Roestenburg
1 1 1 Richard Imaoka
1 1 1 Will Sargent
v10.1.2
v10.1.1
v10.0.13
v10.0.12
v10.1.0
See the announcement, release notes and the 10.1.0-RC1, 10.1.0-RC2, and 10.1.0 milestones for more information.