This file contains all the notable changes done to the Ballerina HTTP package through the releases.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Add
anydata
support forsetPayload
methods in the request and response objects - Improve
@http:Query
annotation to overwrite the query parameter name in client - Improve
@http:Query
annotation to overwrite the query parameter name in service - Add header name mapping support in record fields
- Introduce util functions to convert query and header record with the
http:Query
and thehttp:Header
annotations - Migrate client and service data binding lang utils usage into data.jsondata module utils
toJson
andparserAsType
- Add static code rules
- Add relax data binding support for service and client data binding
- Add support for configuring server name to be used in the SSL SNI extension
- Add default HTTP listener
- Address CVE-2024-7254 vulnerability
- Fix duplicating
Content-Type
header via theaddHeader
method - Update netty version
- Fix the issue of not being able to configure only server name in the secureSocket config
- Fix rest path parameter generation with decoded path segments
- Add support for Server-Sent Events
- Introduce default status code response record
- Add connection eviction feature to handle connections that receive GO_AWAY from the client
- Enhance the configurability of Ballerina access logging by introducing multiple configuration options.
- Introduce HTTP service contract object type
- Fix number format exception with decimal values for cache configuration
- Fix cookie path resolution logic
- Add status code response binding support for the HTTP client
- Add response binding support for types union with
http:Response
- Supporting X25519Kyber768 key encapsulation for TLS 1.3
- Address CVE-2024-29025 netty's vulnerability
- Fix interceptor pipeline getting exited when there is a
nil
return - Fix response binding error for
anydata
type
- Expose HTTP connection eviction configurations in the client level
- Handle GO_AWAY received HTTP/2 clients gracefully
- Remove unused import from Http2StateUtil
- Fix client getting hanged when server closes connection in the ALPN handshake
- Fix client getting hanged when multiple requests are sent which exceed
maxHeaderSize
- Fix inconsistencies with error logging
- Fix
IndexOutOfBoundsException
when decoding jwt header - Fix HTTP/2 upgrade client hanging when server closes the connection abruptly
- Fix URL encoded form data binding with encoded
&
and=
characters - Fix client not honouring server-initiated connection closures
- Fix exception when return type of
createInterceptors
function is an array type - Expose HTTP/2 pseudo headers as request headers
- Address CVE-2023-33201 bouncy castle Vulnerability
- Fix parsing query parameters fail when curly braces are provided
- Address CVE-2023-34462 netty Vulnerability
- Deprecate listener level interceptors
- Improved default error format and message
- Move status code errors to
httpscerr
module
- Add constraint validation for path, query and header parameters
- Expose
http:Request
in the response interceptor path - Allow configuring an interceptor pipeline with a single interceptor
- Add runtime support for type referenced type in path parameters
- Add finite type support for query, header and path parameters
- Support for service level interceptors using
http:InterceptableService
- Allow changing initial window size value for client and the server
- Fix server push not working with nghttp2 HTTP/2 client
- Fix the issue - Errors occur at the SSL Connection creation are hidden
- Fix integrate JWT information into
http:RequestContext
- Fix header binding failed with 500 for header record param
- TypeReference kind return types gives compile time error in resource functions
- HTTP compiler plugin validation for return-types not working properly for record types
- HTTP compiler does not report error for returning record with object
- HTTP compiler does not report error for invalid path param
- Returning 500 when the upstream server is unavailable
- Encoded url path with special characters is not working as expected
- Make panic behavior consistent with interceptor and non-interceptor services
- Fix H2 client connection brake when ALPN resolved to H2
- Make @http:Payload annotation optional for post, put and patch
- Introduce new HTTP status code error structure
- Support for allowing tuple type in the resource return type
- Rewrite compiler plugin to resolve inconsistencies
- Add basic path parameter support for client resource methods
- Fix unnecessary warnings in native-image build
- Fix union types getting restricted by compiler plugin
- Fix data binding doesn't work for
application/x-www-form-urlencoded
- Multipart boundary is disturbed by the Content-type param value with Double quotes
- Add http/1.1 as the ALPN extension when communicating over HTTP/1.1
- Added support for
enum
query params - Introduce
getWithType()
method on request context objects - Introduce
hasKey()
andkeys()
methods on request context objects
- Application killed due to a panic has the exit code 0
- Binary payload retrieved from the
http:Request
has different content-length than the original payload - Address CVE-2022-41915 netty Vulnerability
- Kill the application when a resource function panics
- Add a grace period for graceful stop of the listener
- Add missing HTTP status codes
- Make socket configuration configurable in both ListenerConfig and Client config
- Populate HATEOAS link's types field based on the resource return type
- Add defaultable param support for query parameter
- Reduce Listener default timeout to 60s and Client default timeout to 30s
- API Docs Updated
- Improve data binding mime type match
- Mark client resource methods as isolated
- Fix dispatching logic issue due to double slash in basePath
- Fix stacklessConnectionClosed exception while calling backend with well known certs
- Compilation failure when creating HTTP service
- NPE when a request is sent to a non-existent path while Prometheus Metrics are enabled
- H2 client request hangs when ALPN resolved to H1
- Implement immediateStop in HTTP listener
- Add initial support for HATEOAS
- Add IP address to both local and remote addresses
- Add proxy support for HTTP2 client
- Make http2 the default transport in http
- Add support for client resource methods in HTTP client
- Add constraint validation to HTTP payload binding
- Introduce response and response error interceptors
- Allow records to be annotated with @http:Header
- Add basic type support for header params in addition to
string
,string[]
- Allow HTTP caller to respond
error
- Allow HTTP caller to respond
StatusCodeResponse
- Introduce
DefaultErrorInterceptor
- Support
anydata
in service data binding - Support
anydata
in client data binding - Add union type support service data binding
- Add union type support client data binding
- Add common constants for HTTP status-code responses
- Add code-actions to generate interceptor method template
- Add OpenAPI definition field in
@http:ServiceConfig
- Introduce new HTTP error types
- Append the scheme of the HTTP client URL based on the client configurations
- Refactor auth-desugar respond with DefaultErrorInterceptor
- Hide subtypes of http:Client
- Add code-actions to generate payload and header parameter templates
- Add code-actions to add content-type and cache configuration for response
- Allow readonly intersection type for resource signature params and return type
- Implement Typed
headers
for HTTP response - Add map data binding support for application/www-x-form-urlencoded
- Add compiler validation for payload annotation usage
- Add support to provide inline request/response body with
x-form-urlencoded
content
- Fix parseHeader() to support multiple header values
- Fix HTTP caching failure when using the last-modified header as the validator
- Fix HTTP caching failure after the initial Max Age expiry
- Mark HTTP Caller as Isolated
- Rename RequestContext add function to set
- Only allow default path in interceptors engaged at listener level
- Provide a better way to send with
application/x-www-form-urlencoded
- Rename Link header name to link
- Relax the data-binding restriction for no content status codes
- Fix unused variable warning in the package
- Fix initiating auth handlers per each request
- Remove the logs printed from the listeners
- Change the runtime execution based on the isolation status
- Mark HTTP Service type as distinct
- Change the Listener.getConfig() API to return InferredListenerConfiguration
- Enable HTTP trace and access log support
- Add HATEOS link support
- Introduce http:CacheConfig annotation to the resource signature
- Add service specific media-type prefix support in http:ServiceConfig annotation
- Add support for Map Json as query parameter
- Add OAuth2 JWT bearer grant type support
- Add authorization with JWTs with multiple scopes
- Add support to overwrite the scopes config by resource annotation
- Introduce introspection resource method to get generated OpenAPI document of the service
- Introduce service config treatNilableAsOptional for query and header params
- Add support to URL with empty scheme in http:Client
- Fix incorrect behaviour of client with mtls
- Fix multiple clients created for same route not using respective config
- Fix not applying of resource auth annotations for some resources
- Fix SSL test failure due to remote address being null
- Return error when trying to access the payload after responding
- Fix incorrect compiler error positions for resource
- Fix performance issue with observability metrics for unique URLs
- Fix support for parameter token with escape characters
- Fix the limitation of not supporting different API resources with same end URL Template
- Fix dispatching failure when same path param identifiers exist in a different order
- Respond with 500 response when nil is returned in the presence of the http:Caller as a resource argument
- Fix HTTP 'Content-Type' header value overriding while setting the payload for request and response
- Http compiler-plugin should validate header value type
- Allow only the error? as return type when http:Caller is present as resource function arg
- Fix missing error of invalid inbound request parameter for forward() method
- Fix HTTP Circuit Breaker failure when status codes are not provided in the configuration
- Fix HTTP FailOver client failure when status codes are overridden by an empty array
- Fix already built incompatible payload thrown error
- Optional Types Not Supported in HTTP Client Request Operation Target Type
- Rename
http:ListenerLdapUserStoreBasicAuthProvider
ashttp:ListenerLdapUserStoreBasicAuthHandler
- Change configuration parameters of listeners and clients to included record parameters
- Update Netty transport framework version to 4.1.63-Final
- Mark the HTTP client classes as isolated
- Remove usages of
checkpanic
for type narrowing - Update Stream return type with nil
- Update unused variables with inferred type including error
- Revert "Remove codecov.yml File"