Play 2.8.20

The Play Team is happy to announce the release of Play 2.8.20 🥳

❔ Nice, but what about Play 2.9?

It's around the corner, basically some docs, migration guide and release notes missing, but no more pull requests. A first release candidate should follow within days 🤞 Sorry, it took a bit longer and was postponed a couple of times. With the first Play 2.9 RC we will also give an update on how we continue with Akka / Akka HTTP after September 2023.

📗 So what is new in 2.8.20?

This is mostly a bugfix release with some enhancements added. The most notable are:

• #11881 [2.8.x] scala-xml 1.3.1 by @mkurz
  • Ships with a fix to avoid a potential StackOverflowError in Play body parsers. Researched by @beny23, thanks!
• #11754 [2.8.x] Add to RouteInvokers test helper (backport #11375) by @dwhjames
• #11876 [2.8.x] Support trailing newline in SSR (backport #11848) by @ryoppy
• #11657 [2.8.x] Support MariaDB jdbc con. string for Evolutions tables (backport #11655) by @mkurz
• #11732 [2.8.x] Add ConfigLoader implicits for java.time.Duration (backport #11715) by @tmccombs
• #11611 [2.8.x] Filters should be restrictive when their route modifier black-/whitelist both are empty (backport #11610) by @mkurz
• #11874 [2.8.x] Update akka to 2.6.21 (backport #11849) by @xuwei-k

Besides that, following pull requests got merged for this release:

• #11878 [2.8.x] Dependency upgrades for 2.8.20 release by @mkurz
• #11877 [2.8.x] Make it easy to identify the cookie in which the error occurred (backport #11850) by @tsuyoshizawa
• #11818 [2.8.x] Fixed dead link (backport #11817) by @gianick
• #11807 [2.8.x] Fix documentation of scheduleOnce (backport #11806) by @johnsgp
• #11802 [2.8.x] Remove asset finder from helloWorld by @mkurz
• #11795 [2.8.x] Sync GHA workflows with main branch by @mkurz
• #11779 [2.8.x] fix reverse routes escape with fixed param (backport #11774) by @xuwei-k
• #11746 [2.8.x] Fix MysqlJdbcUrl regex matching (backport #11745) by @mkurz
• #11713 [2.8.x] Fix transforming of PathBindable and also the anyValPathBindable macro (backport #11712) by @mkurz
• #11668 [2.8.x] Added .bsp to the typical .gitignore file by @gianick
• #11642 [2.8.x] sbt-java-formatter 0.8.0 by @ihostage
• #11639 [2.8.x] Scalafmt3 (backport #11512) by @adrianlyjak
• #11638 [2.8.x] Upgrade Scalafmt to latest release of 2.7.x serias by @ihostage
• #11636 [2.8.x] Fix length validation in Multipart.randomBoundary (backport #11635) by @jdayton3
• #11634 [2.8.x] Upgrade Scalafmt to latest release of 2.6.x serias by @ihostage
• #11632 [2.8.x] 🔄 synced file(s) with playframework/.github by @ihostage
• #11630 [2.8.x] Upgrade Scalafmt to latest release of 2.5.x serias (backport #11628) by @ihostage
• #11627 [2.8.x] implements #11467. Adds command to fix up formats (backport #11513) by @adrianlyjak
• #11626 [2.8.x] Render sha and dirty part in version only when on CI (backport #11625) by @mkurz
• #11624 [2.8.x] chore(#11143): set next minor version when being on main branch (backport #11168) by @gaeljw
• #11607 [2.8.x] Interplay 2.1.11 to avoid out of memory with gpg by @mkurz

For more details see the full list of changes and the 2.8.20 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.19

The Play Team is happy to announce the release of Play 2.8.19 🥳

📗 What is new?

ping/pong support for WebSockets 🏓

Finally! Check out the documentation:

• WebSockets Play Scala
• WebSockets Play Java

Using Netty, WebSockets time out now ⏳

Another fix for WebSockets ships with this release as well:
If you are using the Netty backend the play.server.http[s].idleTimeout setting will now be honored for WebSocket connections. Until now, when using Netty, a WebSocket connection never timed out. That might even was desirable for some use cases, but now that we have ping/pong support you have to make use of that to keep WebSocket connections open. That is the correct way of doing things and not closing connections after an idle timeout was actually a bug. The akka-http backend was always working correctly and didn't need to be fixed.

Removed the shutdown hook from the default logback config 🪝

If you have

<shutdownHook class="ch.qos.logback.core.hook.DelayingShutdownHook"/>

in your logback config, you should remove that line. Play handles the shutdown of the logger context, the line shown is not necassary anymore since at least Play 2.7 and is a leftover that should have been removed a while ago. More details can be found in the according pull request.

Correctly encode Content-Disposition: form-data; name="..."; filename="..." 🔠

When Play renders a request body containing multipart/form data it will now encode the name and the filename fields according the "WHATWG HTML living standard" section 4.10.21.8. curl, Firefox, Chrome and other libraries like Python's urllib3 follow the same approach. Until now, Play didn't encode those fields which could result in security implications. Just to be clear, this is not about receiving and parsing multipart/form data from a client, but when sending multipart/form data e.g. via ws or when using the RequestBuilder to build a request for testing purposes. Details can be found in pull request #11571.

A few words on Play's compatibility with sbt 1.8 🔧

Now that sbt 1.8 got released there have been reports that it isn't working out of the box with Play, caused by a version conflict regarding scala-xml, see #11522. Unfortunately, right now, we don't have a fix for that yet. Even if we bump scala-xml to version 2.x in Play and all its dependencies, we can't currently make sbt 1.8 work with Play because of another problem described in #11527.
The good news is, that isn't a showstopper if you still want to upgrade to sbt 1.8. You can do that right now by putting

ThisBuild / libraryDependencySchemes += "org.scala-lang.modules" %% "scala-xml" % VersionScheme.Always

in project/plugins.sbt. That is possible because scala-xml 1.x and 2.x are compatible anyway. However, like described in #11527 you will not be able to use PlayNonBlockingInteractionMode with sbt 1.8 then (which probably not many people do anyway)

Merged pull requests

Following pull requests got merged for this release:

• #11604 [2.8.x] Upgrade netty + netty reactive streams + fix backports by @mkurz
• #11603 [2.8.x] Escape Content-Disposition params according to WHATWG HTML living standard (backport #11571) by @mkurz
• #11602 [2.8.x] Add exceptionOverrideClassName Hikari config setting (backport #11601) by @benwaffle
• #11598 [2.8.x] Fix the example code to DiscardingCookie for Results#discardingCookies (backport #11597) by @tsuyoshizawa
• #11593 Update PlayApplicationOverview.md by @SenthilNayagan
• #11528 [2.8.x] Upgrade Scalafmt to latest release of 2.4.x serias (backport #11524) by @ihostage
• #11567 [2.8.x] Added play-hmac-signatures (backport #11559) by @phelps-sg
• #11560 [2.8.x] Updating documentation - ConfiguringHttps.md by @szymond
• #11552 Update SettingsJDBC.md by @bmontuelle
• #11532 [2.8.x] Do not use/recommend shutdownHook in Logback, Play handles that by @mkurz
• #11519 [2.8.x] Log websocket communication problems + handle special Netty case by @mkurz
• #11521 [2.8.x] Add WebSocket ping/pong support by @mkurz
• #11420 [2.8.x] Netty: Websockets should respect play.server.http.idleTimeout by @mkurz
• #11518 [2.8.x] Use environment file instead set-output by @ihostage

For more details see the full list of changes and the 2.8.19 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.18

The Play Team is happy to announce the release of Play 2.8.18.

📗 What is new?

This release includes a fix for #10590 to avoid StackOverflowErrors when sending multipart/form-data requests with many fields as payload. We recommend upgrading as soon as possible.

Following pull requests got merged for this release:

• #11491 [2.8.x] Upgrade Akka, Netty, Spring, Joda-Time by @mkurz
• #11360 To refactor BodyPartParser of Multipart in order to avoid StackOverflowError easily by @yousuketto
• #11465 [2.8.x] Update MIME types (backport #11406) by @PromanSEW
• #11464 [2.8.x] Upgrade netty-reactive-streams by @mkurz
• #11459 [2.8.x] Latest scala sbt versions by @mkurz

For more details see the full list of changes and the 2.8.18 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.17

The Play Team is happy to announce the release of Play 2.8.17.

📗 What is new?

Following pull requests got merged for this release:

• #11430 [2.8.x] Update Evolutions.scala (backport #11345) by @BlankFX
• #11419 SLF4J 2 compatibility: avoid direct usage of StaticLoggerBinder by @jfsoul
• #11367 link to ScalaCompileTimeDI doc from the DI section of the ScalaWS help by @ianknowles
• #11333 [2.8.x] Update branch in message (RedirectHttpsFilter) (backport #11332) by @PromanSEW
• #11320 [2.8.x] Remove 3rd party tools page by @felipebonezi
• #11309 Update ImplementingHelloWorld.md by @ysedira

For more details see the full list of changes and the 2.8.17 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.16

The Play Team is happy to announce the release of Play 2.8.16.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Patched a moderate CVE to prevent a denial of service when binding forms to deeply-nested JSON objects. #11301
• Patched a minor CVE that can sometimes result in developer mode errors showing in production mode. #11305
• Adds support for the 'bundleresource' protocol, when checking URLs. #11108

The following pull requests got merged for this release:

• #11305 [2.8.x] Introduce DevHttpErrorHandler by @BillyAutrey, @mkurz
• #11301 [2.8.x] add depth limit for JSON form binding by @gmethvin, @mkurz
• #11291 [2.8.x] GHA: Also release on publish event + secrets inherit by @mkurz
• #11289 [2.8.x] Refactor badges by @mkurz
• #11269 [2.8.x] Bump version of sharable workflows to v2 by @ihostage
• #11252 [2.8.x] Adding support for checking URL with protocol='bundleresource' existence by @asaelitz, @mkurz
• #11265 [2.8.x] Remove play-enhancer from docs, project is dead by @PromanSEW
• #11262 [2.8.x] Switch to GitHub actions by @mkurz
• #11228 [2.8.x] Make scripts more userfriendly if running outside of CI by @mkurz

For more details see the full list of changes and the 2.8.16 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Something you want to talk about for this release? Join the discussion

Play 2.8.15

The Play Team is happy to announce the release of Play 2.8.15.

📗 What is new?

The following are the relevant changes of this bugfix release.

🐞 Fixed Spring4Shell (CVE-2022-22965)

This RCE vulnerability might affect Play Java users that deploy their applications as a war file (e.g. in Tomcat).
More details can be found here: A note on Spring4Shell for Play Java users

🐞 About CVE-2020-36518 in Jackson and Play 2.8.x

Please see https://github.com/playframework/playframework/discussions/11222

☕ Experimental support for Java 17

You should now be able to run your Play applications with Java 17, but to do so, you have to make some adjustments.

⚠️ Even though people report running their Play 2.8.15+ apps on Java 17 without issues, support for Java 17 is experimental. ⚠️
⚠️ Make sure to test your application thoroughly before putting it into production. ⚠️

• If you are using Guice you have to make use of the latest version:

  // In your build.sbt add:
  libraryDependencies ++= Seq(
    "com.google.inject"            % "guice"                % "5.1.0",
    "com.google.inject.extensions" % "guice-assistedinject" % "5.1.0"
  )

• If you are using the Java routing DSL you have to upgrade typetools (see #10055 and #10814):

  // In your build.sbt add:
  libraryDependencies += "net.jodah" % "typetools" % "0.6.3"

• Avoid using jnotify for the FileWatchService (like in this removed test)
• To be able to run tests using OneServerPerTestWithComponents or GuiceOneServerPerTest (see #11209):

  // In your build.sbt add:
  Test / javaOptions ++= Seq(
    "--add-exports=java.base/sun.security.x509=ALL-UNNAMED",
    "--add-opens=java.base/sun.security.ssl=ALL-UNNAMED"
  )
  // Test / fork := true // This is the default anyway, just a reminder in case you changed it to false before

If you run into any other issues please let us know by opening a bug report, thanks!

📖 Following pull requests got merged for this release

• #11214 [2.8.x] Upgrade Spring to fix Spring4Shell vulnerability by @mkurz
• #11215 [2.8.x] Adjust welcome message for experimental Java 17 support by @mkurz
• #11210 Remove -XX:MaxPermSize, breaks on Java 17 by @mkurz
• #11207 [2.8.x] Update dependencies before next 2.8.x release by @mkurz
• #11206 [2.8.x] Partial support for Java17 by @mkurz
• #11205 [2.8.x] Fix docs: Passing request to WebSocket action not supported (backport #11172) by @mkurz
• #11202 [2.8.x] Reverts #11109 (downgrade ssl-config back to 0.4.x) by @mkurz
• #11200 typing error by @Sanabria13
• #11195 Doc fix: Body needs to be redirected with POST by @mkurz
• #11175 Update jquery dependency to 3.6.0 version by @morellik
• #11178 [2.8.x] Make the "please donate" message more friendly (backport #11177) by @jxtps
• #11129 Remove old or abandoned 3rd party play modules from module directory by @Max-AR
• #11149 [2.8.x] Update release drafter workflow by @mkurz
• #11146 [2.8.x] Rename master branch to main by @mkurz
• #11140 [2.8.x] Cleanup .github folder by @mkurz
• #11130 [2.8.x] Remove iteratees docs by @Max-AR
• #11117 [2.8.x] Renamed Boxfuse to CloudCaptain by @axelfontaine
• #11119 [2.8.x] change uri parse path error from warn to debug (backport #10151) by @fusuiyi123
• #11116 [2.8.x] Make sure to append -SNAPSHOT for sonatype by @mkurz
• #11109 [2.8.x] Use ssl-config to 0.6.0 by @mkurz

For more details see the full list of changes and the 2.8.15 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.13

The Play Team is happy to announce the release of Play 2.8.13.

📗 What is new?

Following pull requests got merged for this release:

• Dev server should not exit when it receives EOF (-1) #11088 by @mkurz
• play-ws 2.1.7 #11083 by @mkurz
• Bump versions (backport #11050) #11076 by @scala-steward and @mkurz
• [2.8.x] Add onLoadMessage #11071 by @mkurz
• Shutdown dev server when pressing CTRL+C during run #11064 by @mkurz
• ConsoleReader should be blocking in sbt 1.4+ since System.in already is non-blocking #11061 by @mkurz
• Updating log4j to 2.17 in docs (backport #11060) #11062 by @BillyAutrey
• Updating log4j ref in docs to 2.16.0 (backport #11053) #11054 by @BillyAutrey
• Show latest version of java supported in 2.8 in Requirements.md #11055 by @syntapy
• Upgraded version of log4j used in docs to 2.15.0 (backport #11051) #11052 by @jroper

For more details see the full list of changes and the 2.8.13 milestone.

❤️ Thanks to our premium sponsors!

If you find Play useful for work, please consider asking your company to support this Open Source project by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.11

The Play Team is happy to announce the releases of Play 2.8.11.

This release brings in a new version of Akka Http including security updates.

📗 What is new?

Following pull requests got merged for this release:

• Update play-json and play-ws #11030 by @octonato
• update play-ws #11028 by @octonato
• use new community sonatype profile #11024 by @octonato
• Fixed ###replace: tag that led to incorrect docs #10789 by @arid-mangoss
• Clarified the allowedhost blacklist usage in documentation #10839 by @FuriousTurtle
• bump guava dependency to fix vulnerability #10875 by @johnduffell
• bump: Akka 2.6.17 and Akka HTTP 10.1.15 for Play 2.8.9 #11019 by @ennru
• Fix IOException when using sbt thin client (backport #10890) #11014 by @mergify
• Remove Whitesource checks #11003 by @ennru
• Travis: remove explicit notifications (backport #10984) #11000 by @mergify
• [2.8x] Fix cron job by upgrading akka + scalaJava8Compat (for Scala 2.13 only) #10966 by @mkurz
• Fix variable substitution in evolution warning (backport #10931) #10960 by @mergify
• Fix cron jobs (repo.akka.io not used anymore) (backport #10961) #10963 by @mergify
• Add play-test to PlayImport (backport #10940) #10959 by @mergify
• Set MaxMetaspaceSize to 512m (like it was 4 month ago) (backport #10877) #10942 by @mergify
• fix: change project starter link (backport #10934) #10935 by @mergify
• Stop testing 0.13 #10932 by @ignasi35
• [2.8.x] Use sbt 1.5.5 for scripted tests #10926 by @mergify
• Update outdated links to scala-sbt.org in the documentation #10918 by @kaseken
• Fix tail-recursive deserializer (Lagom's #3241) (backport #10840) #10916 by @mergify
• Prefer -agentlib:jdwp= over -Xrunjdwp: (backport #10885) #10908 by @mergify
• Run tests against Scala 2.12.14 and 2.13.6 and sbt 1.5.3 (backport #10880) #10891 by @mergify
• Make sure scripted jobs use the same commit like publish-local did (backport #10855) #10872 by @mergify
• [2.8.x] Run scripted tests against sbt 1.5.2 #10856 by @mergify
• [2.8.x] Remove bintray leftovers (fixes CRON build) #10842 by @mkurz
• [2.8.x] Run tests with sbt 1.5.1 #10835 by @mkurz
• Binders for OptionalInt, OptionalLong, OptionalDouble (backport #10825) #10830 by @mergify
• Updated link to OWASP recommended to familiarize with CSRF #10828 by @TrevorNathan
• Also run netty http 1.1 microbenchmark encrypted (backport #10820) #10824 by @mergify
• Fix docs: Flash cookie is signed (bp #10818) #10821 by @mergify
• Initialize static Json objectMapper only once (bp #10808) #10812 by @mergify
• Long jobs should appear first on a stage #10811 by @ignasi35

For more details see the full list of changes and the 2.8.11 milestone.

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

If you find Play useful for work, please consider to support this Open Source project by becoming a backer or premium sponsor. You can donate to our Open Collective here.

Special thanks to the following contributors who helped with this release:

@FuriousTurtle, @PromanSEW, @TrevorNathan, @arid-mangoss, @ennru, @gmethvin, @ignasi35, @johnduffell, @kaseken, @mergify, @mergify[bot], @mkurz, @octonato, @rstento and @scala-steward

Full Changelog: 2.8.8...2.8.11

Play 2.8.8

📣 Play 2.8.8 Released

The Play Team is happy to announce the releases of Play 2.8.8.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Bump akka 2.6.14 #10806 by @ignasi35 which includes the bump to Jackson 2.11.x #10788 by @mergify.
• Add empty parentheses () to generated reverse route method depending on routes file (bp #10671) #10673 by @mergify. This is related to https://github.com/scala/scala/releases/tag/v2.13.3 and will likely introduce compilation errors on your code.
• Play no longer uses Bintray to distribute the sbt plugin #10804 by @ignasi35
• Add support for sbt 1.5.0 (bp #10796) #10799 by @mergify
• Make the routes generated sources reproducible #10735 by @mergify

Following pull requests got merged for this release:

• Bump akka 2.6.14 #10806 by @ignasi35
• Sunset bintray 2.1.x #10804 by @ignasi35
• Fix: Playdevmode compiles twice (requires sbt 1.4+) #10373
• Akka-Http-Server: allow Headers.remove() to remove Content-Type and Content-Length (bp #10797) #10801 by @mergify
• Run scripted tests with sbt 1.5.0 (bp #10796) #10799 by @mergify
• Update netty-transport-native-epoll to 4.1.63.Final (bp #10795) #10798 by @mergify
• Bump Jackson to 2.11.x (bp #10781) #10788 by @mergify
• revert changes to playCommonClassloaderTask since we are using scala 2.12.13 (bp #10782) #10783 by @mergify
• Make public DatabaseEvolutions.databaseEvolutions() (bp #10754) #10779 by @mergify
• [2.8.x] Add release-drafter workflow for 2.8.x branch + docs update #10775 by @mkurz
• [2.8.x] Upgrade dependencies before releasing Play 2.8.8 #10767 by @mkurz
• Update play-file-watch to 1.1.16 (bp #10759) #10761 by @mergify
• [2.8.x] Run scripted tests on sbt 1.4.x + refactoring #10723 by @mkurz
• fix Int overflow in BodyParsers.anyContent(maxLength: Option[Long]) (bp #10741) #10753 by @mergify
• Routes compiler: Remove generation date, keep the source relative (bp #10707) #10735 by @mergify
• Update play-file-watch to 1.1.15 (bp #10736) #10737 by @mergify
• [2.8.x] Support sbt 1.4 virtual files for compilation and config errors #10712 by @mkurz
• gitignore .bsp folder (Build Server Protocol / sbt 1.4) (bp #10631) #10722 by @mergify
• Scala 2.12.13 and 2.13.5 (bp #10718) #10721 by @mergify
• Upgrade akka and akka-http (bp #10717) #10719 by @mergify
• Catch Throwable instead of NonFatal when starting prod server (bp #10690) #10701 by @mergify
• QueryStringBindable.unbind(): Do-do-do URLEncode for all queryString keys! (bp #10370) #10694 by @mergify
• Add type annotation for Optional.empty (bp #10442) #10688 by @mergify
• Java forms should handle "foo[].bar" fields when using subforms (index missing) (bp #10680) #10682 by @mergify
• Java forms: Prefix a ValidationError's key with parent form field key (bp #10666) #10678 by @mergify
• [2.8.x] Support sbt 1.4 virtual files when displaying error source #10649 by @mkurz
• Add empty parentheses () to generated reverse route method depending on routes file (bp #10671) #10673 by @mergify
• Don't reload/(re-)compile or even start an app when shutting down in DEV mode (bp #10661) #10669 by @mergify
• In DEV mode, only set the editor in the error handler if config is valid (bp #10662) #10663 by @mergify
• Fix classloader memory leak, due to ClassTag (bp #10500) #10658 by @mergify
• build: Switch to using javafmtCheckAll (new version) (bp #9960) #10652 by @mergify
• fix DefaultTemporaryFileCreator leak (bp #10498) #10653 by @mergify
• Fix build cache issues (bp #10014) #10651 by @mergify
• Close digest-files in DefaultAssetsMetadata (bp #10639) #10646 by @mergify
• Caffeine Cache Manager - Expose cache names (bp #10637) #10645 by @mergify
• Correct the HostMatcher logic to get host and port (bp #10456) #10632 by @mergify
• shutdown-happy-path: make test more reliable (bp #10598) #10600 by @mergify

For more details see the full list of changes and the 2.8.8 milestone.

🙇 Credits

Special thanks to @mkurz for his continued contributions and insight to push Play forward, and, in this release in particular, for the extra work to make the release come true.

Also, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.

Special thanks to the following contributors who helped with this release:

@Captain1653, @asazernik, @benwaffle, @dwijnand, @eatkins, @gokhanoner, @helllamer, @ignasi35, @jtjeferreira, @marcospereira, @mkurz, @octonato, @pazvanti, @pschichtel, @raboof and @xuwei-k

Play 2.7.9

📣 Play 2.7.9 Released

The Play Team is happy to announce the releases of Play 2.8.7 and Play 2.7.9.

As we found a regression just after building the 2.8.6 and 2.7.8 releases, we followed up on those without announcing them.

📗 What is new?

The following are the relevant changes of this bugfix release:

• Let user overwrite limit memory size on form binding #10543
• The Play Runner now works on Mac OS Big Sur #10372
• We publish a Maven BOM pom.xml for Play 2.8 #10549

For more details see the full list of changes and the 2.7.8 and 2.7.9 milestones.

Migration

To make the form binding size limit configurable, some sources may need adaptation to make the FormBinding implicits available (see Parser maxMemoryBuffer limits).

🙇 Credits

Finally, thanks to the community for their help with detailed bug reports, discussion about new features, and pull requests review. Play is only possible due to the help we had from amazing contributors.

Thanks to Lightbend for their continued sponsorship of the Play core team's efforts. Lightbend offers commercial support for Play.