Release 1.9.1

Release 1.9.1 contains a few fixes, one improvement and several dependency updates.

Fixes

• Fix broken struts pet-store sample project (#479) - thanks to @jogep for contributing
• Corrected Spring Boot 2 sample template (#484)
• Fixing NullPointerException in case of non defined statusCode (#497) - thanks to @anmolk6 for contributing

Improvements

• Add ALB Context to API GW Payload V2 (#489) - thanks to @driverpt for contributing

Dependencies

• Update Jersey dependencies to 2.37
• Update Jackson databind version to 2.14.1 (CVE-2022-42003)
• Explicitly set version for transitive commons-text dependency (CVE-2022-42889)
• Explicitly add more recent commons-io version (#488)
• Update Spring dependencies (framework to 5.3.24, security to 5.7.5, boot to 2.7.6)
• Update Struts dependency to 6.1.1
• Update lambda-java-core dependency to 1.2.2
• Update SLF4J to 2.0.6
• Update Mockito dependency to 4.9.0
• Update some Maven plugins to allow build with JDK17

Release 1.9

Release 1.9 contains several improvements and dependency updates.

In case you are using Struts, please note that you need to use a different artifactId (aws-serverless-java-container-struts) starting with this release.

Improvements

• add single value headers and query string params (#315) - thanks to @sigpwned for contributing
• docs: Documenting use of suppress warnings for path traversal in security utils (#473)
• samples/ archetypes are now using java11 (instead of java8) runtime

Dependencies

• Update to the new Struts 6 major version (#471) - thanks to @jogep for contributing
• Update Spring dependency versions (framework to 5.3.22, security to 5.7.3, boot to 2.7.3)
• Update Spark version to 2.9.4
• Update Jackson version to 2.13.4
• Update SLF4J version to 2.0.2
• Update Log4J version to 2.19.0
• Update Jersey version to 2.36

Release 1.8.2

Release 1.8.2 contains a fix and dependency updates.

Fixes

• AwsHttpApiV2ProxyHttpServletRequest.headersMapToMultiValue truncates the user-agent (#464, #465) - thanks to @bqader for contributing

Dependencies

• Update Spring dependencies (framework to 5.3.20, security to 5.6.5, boot to 2.6.8)
• Update Jackson version to 2.13.3

Release 1.8.1

Release 1.8.1 contains a few fixes and dependency updates.

Fixes

• use environment variables to tune async init - and not system properties (#450)
• add JsonIgnoreProperties to HttpApiV2ProxyRequestContext to avoid UnrecognizedPropertyException for Lambda Function URLs with IAM auth (#460)

Dependencies

• Update Spring dependencies (framework to 5.3.19, security to 5.6.3, boot to 2.6.7)
• Update Struts2 version to 2.5.30

Release 1.8

Release 1.8 contains several improvements, fixes and dependency updates.

Improvements

• Add support for HTTP API cookie parameter (#452, #453) - thanks to @arthurkamwt for contributing
• Add environment variables to tune async init without the need to recompile (#450)

Fixes

• AwsHttpApiV2ProxyHttpServletRequest.getParameterMap returns arrays containing null for empty query params (#427)
• ${} versions in archetypes need escaping otherwise they will be replace directly

Dependencies

• Update Spring dependencies (framework to 5.3.17, boot to 2.6.5, security to 5.6.2)
• Update OWASP dependency checker to 6.5.3
• Explicitly set commons-io version to 2.11.0 to avoid older transitive dependency version (CVE-2021-29425)
• Update Log4J version to 2.17.2
• Move spotbugs plugin config to parent pom
• Update Jackson version to 2.13.2/ 2.13.2.1 (databind) (CVE-2020-36518)
• Update commons-codec version to 1.15

Release 1.7

Release 1.7 contains several improvements and dependency updates.

Improvements

• Add support for Lambda Authorizers in combination with Http API 2.0 payload format (#386)
• Change AwsHttpServletRequest constructor to protected to allow extension (#422)
• Jersey startup time improvements (#366)
• Updated sample and archetype maven build files to avoid "The packaging for this project did not assign a file to the build artifact" message (#336)
• fix: asyncInit() code sample (#391)
• fix: form param names must be included in getParameterNames() (#340)
• getServletContextName() must not throw UnsupportedOperationException (#448)

Dependencies

• Update Spring dependencies (framework to 5.3.15, boot to 2.6.3, security to 5.6.1)
• Update Log4J dependency to 2.17.1 (CVE-2021-45105, CVE-2021-44832)
• Update Struts2 dependency to 2.5.29
• Update SLF4J version to 1.7.36
• Minor dependency updates (Jackson, Jersey, Jetty, aws-lambda-java-log4j2, lambda-logging)
• Remove unused jetbrain annotations dependency

Other changes

• Release is now automated through a GitHub action

Release 1.6.1

Release 1.6.1 is a bug-fix release

Dependencies

• Update to Log4J 2.16.0 (CVE-2021-44228)

Release 1.6

Release 1.6 contains major dependency updates and drops support for Spring Boot 1.x.

Improvements

• Move afterburner registration to dedicated method to better support frameworks that want to use the module in GraalVM (#369 - thanks to @geoand)
• Improved extensibility to allow other servlets besides Spring DispatcherServlet (#399)
• Fixed build process with latest Gradle version and JDK 11

Dependencies

• Spring Boot 1.x is no longer supported (was already deprecated in a previous release), please migrate to Spring Boot 2.x https://spring.io/blog/2019/08/06/it-is-time-goodbye-spring-boot-1-x (#419)
• Update to Spring Framework 5.3.9, Spring Security 5.5.1 and Spring Boot 2.5.3
• Update to Apache HttpComponents Core 4.14.4 - This is now declared as an optional dependency and only used by AwsProxyRequestBuilder (#394)
• Update to Apache HttpComponents Client 4.5.13
• Update to Struts 2.56 (#395 - thanks to @jogep)
• Update to SLF4J 1.7.32
• Update to Log4J 2.14.1
• Update to JUnit 4.13.2
• Update to Jackson 2.12.4
• Update to Sparkjava 2.9.3
• Update to aws-lambda-core 1.2.1
• Update to Jersey 2.34
• Update to Hibernate Validator 5.4.3/ 6.1.7

Release 1.5.2

Release 1.5.2 is a bug-fix release

Bug fixes

• Parametrized response writer to support HTTP API V2 proxy model that requires the single-value headers map to be populated (#377)
• Changed the base64 encoder for binary data in the response writer to the default encoder not the MIME encoder (#339)

Dependencies

• Bumped Spring version to 5.2.9 to address CVE (#380, thank you @jabhijeet!)

Release 1.5.1

Release 1.5.1 is a bug-fix release

Bug fixes

• Fixed query string parsing for HTTP APIs when parameters have no values (#363)
• Added missing field in the proxy request format for HTTP APIs (#358)
• Moved slf4j dependency to a stable release (#355 - thank you, @antjori)
• Fixed encoding for Content-Type application/json (#352, #344)