This patch was authored by @thecheatah and released by @tanner0101.

Changes default Date url-encoding to use unix timestamps instead of Apple-specific reference (#2276).

This patch was authored and released by @tanner0101.

Adds support for underscores in HTTP header directive keys. This fixes an issue with cookie names like _ga and _gid not being parsed correctly (#2266, fixes #2264).

This patch was authored and released by @tanner0101.

Improves error debugging including eintroduction of DebuggableError type and introduction of capturable stacktraces (#2239, #2219).

This patch was authored and released by @tanner0101.

Adds support for parsing HTTP forwarded header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

req.headers.forwarded.first?.for // String?

This includes support for:

• Forwarded
• Via
• X-Forwarded-For
• X-Forwarded-Host
• X-Forwarded-Proto

Adds support for parsing HTTP content disposition headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

req.headers.contentDisposition?.filename // String?

These are implemented by a new HTTPHeaders.DirectiveParser for handling the complexities of HTTP header parsing like quoted strings, whitespace, etc. The new HTTPHeaders.DirectiveSerializer handles serialization. HTTPHeaderValue has been deprecated.

This patch was authored by @jshier and released by @tanner0101.

Fixes a deprecation warning from swift-nio-http2 requiring version 1.11.0 (#2261).

This patch was authored and released by @tanner0101.

Request.BodyStream is now closed correctly when an error is caught while decoding streaming requests (#2258, fixes #2253).

This patch was authored and released by @tanner0101.

Changes the close mode to .output when closing a non-keepalive connection after the response is sent (#2257, fixes #2252).

This patch was authored and released by @gwynne.

• Might as well let Sequences have them as well as Collections
• Make hexEncodedBytes() public, why wouldn't it be?
• Specialize hexEncodedBytes() on Collection to use a (theoretically) more efficient method. It's probably a completely unmeasurable difference in practice.
• Add unit test to make sure it works on Sequences properly. (Sure, it crashes if you try something like sequence(0) { $0 + 1 }.hex, but that's to be expected. Maybe at some point a length limit check can be added.)

This patch was authored by @bridger and released by @tanner0101.

The maximum frame size of an incoming WebSocket packet can be configured. This fixes issues for apps that were running into the limit (#2195, fixes #2194).

let maxFrameSize: Int = 1024 * 1024 * 2 // 2mb
app.webSocket("api", "ws", maxFrameSize: .override(maxFrameSize)) { (request, ws) in
    websocketController.connected(request: request, connection: ws)
}

This patch was authored by @seeppp and released by @tanner0101.

The initializer of Validator is now public for creating custom validators (#2232, fixes #2231).

This patch was authored and released by @tanner0101.

Automatically removes double-quotes from HTTP cookie values after trimming whitespace (#2215, fixes #2207).

This patch was authored and released by @tanner0101.

Fixes a parsing error caused by .env files with no trailing newline (#2225, fixes #2220).

This patch was authored and released by @tanner0101.

Updates to SwiftMetrics 2.0 which adds a new case the TimeUnit enum (#2224, fixes #2213).

⚠️ Metrics is no longer @_exported by Vapor. Add import Metrics to any files you use SwiftMetrics in.

This patch was authored and released by @tanner0101.

Adds support for percent-decoding paths supplied to FileMiddleware (#2223, fixes #2212).

Adds Response.Body.collect method for asynchronously collecting streaming response bodies (#2223).

This patch was authored and released by @tanner0101.

Correctly sends .end when draining a body with collected buffer (#2222, fixes #2210).

This patch was authored and released by @tanner0101.

Improves HTTP server compression configuration APIs.

app.server.configuration.responseCompression = .disabled
app.server.configuration.requestDecompression = .enabled(
    limit: .ratio(15)
)

This patch was authored by @tonyarnold and released by @tanner0101.

Fixes a compile error introduced by #2103.

This patch was authored and released by @tanner0101.

Adds Request.storage and Response.storage for storing user-defined values. userInfo has been deprecated since Storage is more type-safe and performant (#2216).

This patch was authored by @siemensikkema and released by @tanner0101.

This is technically a breaking change since some public API is being removed, but it is not being used anywhere.

• Remove unused ValidatorType
• Avoid force unwrap.
• Avoid illegal count and range operators by not exposing .range() and .count().

AbortError's constructor no longer ignores the supplied identifier (#2205).

Ports Base32 APIs from Vapor 3's Crypto library to Vapor 4 now that we rely on SwiftCrypto.

let data = Data([1, 2, 3, 4])
XCTAssertEqual(data.base32EncodedString(), "AEBAGBA")
XCTAssertEqual(Data(base32Encoded: "AEBAGBA"), data)

This patch was authored and released by @tanner0101.

Adds ByteBuffer.string helper for converting a ByteBuffer's readable bytes view to a String (#2206).

This patch was authored and released by @tanner0101.

• Adds new configuration options for URLEncodedFormDecoder / Encoder. This includes support for encoding and decoding arrays using brackets, separate values, or character-separated values (#2180, #2204).

• Adds the ability to use the Content API with XCTVapor's request and response (#2204).

• Brings vapor/multipart-kit into the Vapor module (#2204).

• Updates to Swift 5.2 (#2204).

Release candidates represent the final shift toward focusing on bug fixes and documentation. Breaking changes will only be accepted for critical issues. We expect a final release of this package shortly after Swift 5.2's release date.

Improves error handling on WebSocket connections. Improvements to WebSocket-Kit intercept errors or timeouts at the ChannelHandler level and expose them to the WebSocket class.

Now, when an error occurs (such as a malformed WebSocket frame) the error is available via the closeCode on WebSocket. Example:

func connected(request: Request, connection: WebSocket) {
  _ = connection.onClose.always { (result) in
      let closeReason = connectionInfo.connection.closeCode ?? .unknown(0)
      // Application-specific cleanup code here
  }

}

This patch was authored by @bridger and released by @tanner0101.

• When using HTTP compression (gzip, deflate), the decompression limit was hardcoded at a ratio of 1:10 (#2192). It is now possible to specify a custom limit. The default remains unchanged.

This patch was authored by @gwynne and released by @tanner0101.

Migrate from Vapor's OpenCrypto library to Apple's new Swift Crypto library. This reduces the burden on Vapor on having to maintain a crypto library and completely removes OpenSSL as a dependency 🎉

The downside of this is that Vapor 4 will require macOS 10.15, but the tradeoff is worth it.

Adds missing overloaded get method with [PathComponent] for the path parameter in the RoutesBuilder. (Fixes #2147)

Sets a ratio limit of 10x for decompressed HTTP requests.

Adds support to load Environment variables content's from files (#2190, fixes #2006).

This functionality can be useful when dealing with Docker and Docker secrets or Kubernetes Secrets.

For example, if you have a file which includes the password for your database you can load this much easier from disk than previously.

let databasePasswordOnAppBoot = Environment
    .secret(path: "<Path to your file>", fileIO: app.fileio, on: app.eventLoopGroup.next())
    .unwrap(or: Abort(.badRequest))

Example from inside a request:

let secretPasswordUsedInARequest = Environment
    .secret(path: "<Path to your file>", fileIO: req.application.fileio, on: req.eventLoop)
    .unwrap(or: Abort(.badRequest))

It also supports loading the path from an existing Environment variable:

let passwordSecret = Environment
    .secret(key: "PASSWORD_SECRET_FILE = ", fileIO: app.fileio, on: app.eventLoopGroup.next())
    .unwrap(or: Abort(.badRequest))

Added Enum validation for RawRepresentable enums. Checks to see if a value can be represented as a specific enum, and if enum is CaseIterable, reports the possible values too.

e.g.:

final class TestModel: Content, Validatable {
  enum CustomEnum: String, Content, CaseIterable {
    case test, ok
  }

  let type: CustomEnum

  static func validations(_ validations: inout Validations) {
    validations.add("type", as: String.self, is: .case(of: CustomEnum.self))
  }
}