v10.0.15

See the announcement, release notes and the 10.0.15 milestone for more information.

v10.1.6

See the announcement, release notes and the 10.1.6 milestone for more information.

v10.0.14

10.0.14 is security patch release in the 10.0.x series of Akka HTTP.

It is mainly a mitigation for the DoS vulnerability when using decodeRequest

Migration Notes

To avoid excessive memory usage we introduced two new limits that apply per default:

• akka.http.routing.decode-max-size: This limit applies when you use decodeRequest to limit the amount of decompressed data. The default limit is 8 megabytes.
• akka.http.parsing.max-to-strict-bytes: This limit applies when you use HttpEntity.toStrict or the toStrictEntity directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.

Depending on your application requirements, you may want to change these settings.

Changes since 10.0.13

For a full overview you can also see the 10.0.14 milestone:

• Restrict the maximum size of a request entity after uncompressing it with decodeRequest #2137
• Restrict the maximum size of a request entity when reading it into memory with toStrict #2186
• Support parameters for custom media types (#2005)

v10.1.5

10.1.5 is the sixth release in the 10.1.x series of Akka HTTP.

It is mainly a mitigation for the DoS vulnerability when using decodeRequest

Migration Notes

To avoid excessive memory usage we introduced two new limits that apply per default:

• akka.http.routing.decode-max-size: This limit applies when you use decodeRequest to limit the amount of decompressed data. The default limit is 8 megabytes.
• akka.http.parsing.max-to-strict-bytes: This limit applies when you use HttpEntity.toStrict or the toStrictEntity directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.

Depending on your application requirements, you may want to change these settings.

Changes since 10.1.4

For a full overview you can also see the 10.1.5 milestone:

• Restrict the maximum size of a request entity after uncompressing it with decodeRequest #2137
• Restrict the maximum size of a request entity when reading it into memory with toStrict #2186
• Correctly set a default parallelism value when none is specified for HTTP/2 #2165
• Avoid matching an empty pattern when using PathMatcher.repeat #2097
• Add ServerSentEvent.heartbeat() to the Java DSL #2187

v10.1.4

10.1.4 is the fifth release in the 10.1.x series of Akka HTTP.

Among many other things, this release includes a fix for handling early responses in the client, HTTP/2 improvements and many updates to the documentation.

Changes since 10.1.3

For a full overview you can also see the 10.1.4 milestone:

Fixes in akka-http-core

• Support for scheme ending in digit in Uri.from (#2080)
• Allow MediaTypes in Sets (#2144)
• Allow creating an unencrypted HTTP/2 server from Java (#2110)
• Fix a bug in handling chunked responses in the new connection pool (#2138)

Improvements in akka-http-core

• Improved graceful shutdown behavior (#2090)
• More sensible default for bindAndHandleAsync parallelism setting with HTTP/2 (#2145)

Improvements in akka-http

• Allow java/scala conversion for Routes for users (#891)
• Commonize marshalling selection code (#2004)

Improvements in akka-http-testkit

• Allow configuring the marshalling timeout (#2127)

Improvements in docs

• Fix broken links at release notes (#2082)
• Fix links to RequestEntityExpectedRejection api documentation (#2094)
• Document GenericMarshallers.futureMarshaller (#2095)
• Clarify not all abrupt client go-aways are clean (#2101)
• Clarify documentation for PathDirectives (#2109)
• Updated outdated SecurityDirectives documentation (#1715)
• Link to the Play and Lagom websites (#2121)
• Improve source-streaming docs (#2131)
• Add warning banner when browsing old versions (#2135)

v10.1.3

10.1.3 is the fourth release in the 10.1.x series of Akka HTTP.

This release addresses a critical memory leak issue introduced by the graceful termination infrastructure added in 10.1.2.
No other risky changes are made in this release, in order to make it a trustworthy fix drop-in replacement of 10.1.2.

Changes since 10.1.2

For a full overview you can also see the https://github.com/akka/akka-http/milestone/41?closed=1:

Fixes in akka-http-core

• ServerTerminator memory leak in 10.1.2 (#2067)
• Avoid eagerly failing connections when request closes (#2066)

Fixes in docs

• Correct pipelining-limit flag name (#2059)
• Fix link to compatibility rules section (#2062)

Improvements in docs

• Reference documentation for Graceful Termination (#2072)
• Enhance Caching Documentation (#2060)

Credits

Thanks to all contributors to this release!

commits  added  removed
      3    227       29 Konrad `ktoso` Malawski
      3     25       11 herzrasen
      1     38        0 Arnout Engelen
      1      4        4 Josep Prat
      1      1        1 Raymond Roestenburg
      1      1        1 Richard Imaoka
      1      1        1 Will Sargent

v10.1.2

Add release 10.1.2 release notes (#2058)

v10.1.1

Release annoucement

v10.0.13

release 10.0.13

v10.0.12

Small fixes release, release notes to follow soon