CHANGELOG.md

Changelog

Version 3.6.2

• Expose new_ssl feature for rustls support from tiny-http.
• Switch to sha1-smol for a smaller footprint, more stable hash library.
• Remove dependency on num_cpus using std::thread::available_parallelism instead.

Version 3.6.1

Reverts Added a number of default features as it breaks any downstreams who were specifying default-features = false.

Version 3.6.0

• Added rustls support (via tiny-http), if you're currently using the ssl feature you can switch from OpenSSL to Rustls by instead enabling the rustls feature in your Cargo.toml.
• Added a number of default features to allow users to reduce their dependency graph where they don't need all the functionality Rouille provides. logging, assets, post and session are now optional, but enabled by default for backwards compatibility.
• Correctly support 'flag' type query parameters where the parameter has no associated value. Previously a query like GET /?foo would return None from get_param, instead of Some("").
• Updated tiny-http to 0.12.0, further reducing the dependency tree by breaking our hard requirement on time-rs. This version of tiny-http also enables Unix socket listeners, which will be exposed in a future release of Rouille.

Version 3.5.0

• Replaced our use of the brotli2 crate with the alternative pure Rust implementation brotli. This removes Rouille's vulnerability to RUSTSEC-2021-0131, which existed due to brotli-sys bundling a vulnerable version of the underlying C library.
• Unpinned time-rs and as a result increased our MSRV to 1.51, we don't have a formal MSRV policy and the ecosystem is making it more and more difficult to support compiler versions more than about 6 months old.

Version 3.4.0

• Resolved a number of cleanup & refactoring TODOs
• Correctly identify non-lowercase content types as text (e.g. text/JSON would be incorrectly identified as non-text).
• Pinned time-rs to 0.3.2 to avoid a semver-breaking change in their MSRV.
• Bumped chrono to 0.4.19 and disabled their default feature set to avoid warnings about RUSTSEC-2020-0071 (Rouille was never vulnerable, but used a vulnerable version of chrono).

Version 3.3.1

• Use .strip_prefix in place of .starts_with where appropriate, this stops a Clippy lint from leaking out of our router! macro and into downstream code.

Version 3.3.0

• Bumped minimum supported Rust version to 1.48
• Added module-level documentation for rouille::content_encoding
• Updated time dependency to 0.3 and postgres to 0.19 to fix a compile failure due to a yanked version of sha1.
• Fixed numerous typos in the crate documentation.

Version 3.2.1

• Removed unused dependency term and updated rand, multipart, deflate and time to latest supported versions.

Version 3.2

• Add ResponseBody::from_reader_and_size for constructing a ResponseBody from a Reader and an already known size such that Content-Length may be set on the response.

Version 3.1.1

• Replace all uses of deprecated try! with ? to suppress warnings that can leak out of macro contexts.

Version 3.1.0

• Add Server::poll_timeout() for polling more efficiently.
• Add Server::stoppable() for running a single, cancellable server thread.
• Add Server::join() for finalising all in-flight requests before shutting down.
• Prevent infinite loop on Websocket EOF
• Update tiny-http to 0.8.1 containing fixes for:
  • HTTPS deadlock where one request holds a locked resource while another is attempting HTTPS negotiation
  • Fix RUSTSEC-2020-0031
  • Don't set Transfer-Encoding: chunked on 1xx or 204 responses (which can lead to clients hanging).
• Bump minimum support Rust version to 1.41.1

Version 3.0.0

• Bump minimum supported Rust version to 1.34.2
• embedded, exposed url version increased to 2.0
• Don't use deprecated Error::description()

Version 2.2.0

• Bump minimum supported Rust version to 1.20.0.
• Expose that the Request body (accessible with request.data()) has a Send bound.

Version 2.1.0

• Replace flate2 with deflate
• Fixed handling of url-encoded path components in route!() macro. Previously, URL was eagerly decoded and thus would fail to match intended routes if special characters were used (such as ? or /). Now, individual matched components are decoded after matching.
• Added Response::empty_204.
• Added ssl feature and new_ssl constructor to Server, for https support. The certificate and private key must be supplied by user.

Version 2.0.0

• Dropped the use of rustc-serialize in favor of using serde.
• Updated multipart to 0.13. The input::multipart::get_multipart_input function returns types reexported from multipart which have small but breaking API changes.
• Update Server with an option to use a thread pool to process requests

Version 1.0.0

• input::cookies changed to return an iterator that yields (&str, &str).

Version 0.4.2

• The content_encoding module now supports brotli.
• Added an accept! macro similar to a match expression that chooses a block depending on the value of the Accept header of the request.
• Added proxy::full_proxy. It behaves the same as proxy but returns more status codes and less errors.
• Added Response::from_data, from_file, with_content_disposition_attachment, empty_406, with_public_cache, with_private_cache, with_no_cache, without_header, with_additional_header and with_unique_header for easier response manipulation.
• Added Request::headers() that provides an iterator to the list of headers.
• Added input::priority_header_preferred and input::parse_priority_header to easily parse request headers such as Accept or Accept-Language.
• MIME types that contain "font" are now also compressed by the content_encoding module.
• Changed text/xml to application/xml in the MIME types auto-determination.

Version 0.4.1

• Added a Server struct as an alternative to start_server for manual control over the behavior.
• Added a content_encoding::apply function that applies Content-Encoding to a response.
• The try_or_400! macro now returns a response whose body describes the error in JSON.
• The try_or_400! macro now requires the error to implement the std::error::Error trait.

Version 0.4.0

• Added support for websockets with the websocket module.
• Added Request::do_not_track() to query the DNT header.
• Renamed get_json_input() to json_input().
• Renamed get_cookies() to cookies().
• Renamed get_basic_http_auth() to basic_http_auth().
• The logs now show the time of the start of the request processing.
• Request::header() now returns a Option<&str> instead of Option<String>.
• Response::svg() and Response::html() now take a Into<String> instead of a Into<Vec<u8>>.
• Renamed Response::error() and success() to is_error() and is_success().
• The headers field of Response are now Vec<(Cow<'static, str>, Cow<'static, str>)> instead of Vec<(String, String)>.
• Removed Response::redirect and replaced it with redirect_301, redirect_302, etc.
• Added Response::with_etag() to add an ETag header to a response.
• Added an upgrade field to Response, necessary for websockets.
• Fixed being able to set the value of the Content-Length and Transfer-Encoding headers.
• plain_text_body now has a limit of 1 MB of data before returning an error.
• Added plain_text_body_with_limit which does the same as plain_text_body but with a customizable limit.
• Implemented the std::error::Error trait on all error types.
• Added Response::into_reader_and_size() to retrieve a Read object from a ResponseBody.
• Fixed issue with static files not being found on Windows because of / and \ mismatch.

Version 0.3.3

• Added the proxy module with basic reverse proxy.

Version 0.3.2

• Added the rouille::input::plain_text_body function.

Version 0.3.1

• Empty Vecs are now allowed for POST input.

Version 0.3.0

• Reworked POST input. You can now use the post_input! macro instead of creating a decodable struct.
• Removed the input::session module and replaced it with the session module. Sessions no longer store data in a hashmap, but instead only provide a way to generate a unique ID per client.

Version 0.2.0

• Fixed the + character in the query string not being replaced with a space as it should.
• Request::data() now returns an Option<impl Read> instead of a Vec<u8>. If data() is called twice, the second call will return None.
• RouteError has been removed. You are now encouraged to return a Response everywhere instead of a Result<Response, RouteError>.
• The try_or_400!, find_route! and assert_or_4OO! macros and the match_assets function have been adjusted for the previous change.
• Added a try_or_404! macro similar to try_or_400!.
• In the case of a panic, the response with status code 500 that the server answers now contains a small text in its body, indicating the user that an internal server error occured.
• Added Response::empty_400(), Response::empty_404(), Response::success() and Response::error().