Changelog

2.0.0

Breaking change: JAX-RS now uses the jakarta.ws.rs-api 3.0.0 dependency, meaning all references to the javax.ws.rs package must be changed to the jakarta.ws.rs package.

This change will affect you if, upon upgrade to Mu Server 2.x, you see compile-time errors similar to: package javax.ws.rs does not exist or at runtime you see an error message from ResourceClass starting with The class <classname> contains an old version of the JAX-RS implementation then you need to migrate your JAX-RS resource classes.

This is because JAX-RS is part of Java EE, which Oracle transferred to an open source foundation, and this required moving packages from javax.* to jakarta.* for Java EE classes, as described in this blog at Oracle.com.

For projects with few Java EE dependencies, this can be as simple as doing a global find and replace on your codebase, replacing javax.ws.rs with jakarta.ws.rs and then rebuilding.

However, if using old versions of dependencies that use the javax.* package then you may need to upgrade or change those. For example, com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider should be replaced with the com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider artifact.

1.1.2

  • Upgraded to Netty 4.1.109

1.1.1

  • Stop returning Access-Control-Allow-Origin: "null" when CORS is not allowed for an origin, as per this recommendation.

1.1.0

  • Bug fix: in a JAX-RS handler, UriInfo.resolve(URI) is now relative to the base URI and UriInfo.getPathParameters() now correctly returns @PathParam values.

1.0.7

  • Improved performance when publishing a large string in an SSE message which has no line breaks. See pull request 47.
  • Bug fix (issue #46): removed invalid header character in ContentTypes.WEB_APP_MANIFEST which caused those files to fail to load.

1.0.6

  • Bug fix: corrected encoding of ampersands inside querystring values when the ContextHandler redirects from /contextName to /contextName/ with a querystring.

1.0.5

  • Upgraded to Netty 4.1.107
  • No longer throw an IllegalStateException when setting the status on an errored response, as the exception will be thrown later in a more intuitive place when IO is attempted
  • Allow custom SecurityContext implementations to be declared in jax-rs method parameters.

1.0.4

  • Fixed bug (issue #45) where server.sslInfo().certificates() would fail to get cert info after the SSL certs are changed at runtime

1.0.1

  • Upgraded to Netty 4.1.104

1.0.0

Breaking changes: this is the first major release of mu-server. There is no new functionality since the previous version except to remove all methods, parameters and classes that were marked with @Deprecated in the 0.x versions.

If you have been using deprecated methods, you may wish to:

  1. Use mu-server version 0.74.3
  2. Follow all the deprecation warnings. The javadoc will explain how to fix each deprecation warning.
  3. Upgrade to the latest version

Tip for maven users: to download sources for all dependencies, run mvn dependency:sources

Change list:

  • Removed deprecated features
  • Upgraded to Netty 4.1.101

0.74.3

  • Upgraded to Netty 4.1.100
  • When an exception is encountered when writing a jax-rs response entity and the response has not started, clear the added headers so that the exception handler can add its own headers without clashing.

0.74.1

  • Upgraded to Netty 4.1.95
  • Implemented the JAX-RS Response readEntity and buffer options. Closing the response no longer throws an exception.

0.74.0

  • Upgraded to Netty 4.1.94
  • Bug fix: when no rate limiters are specified, MuServer.rateLimiters() returns an empty list (instead of throwing an exception).
  • OpenAPI JSON does not write values when no values are specified, allowing clients to apply their own defaults. Fixes a bug where explode was incorrectly set sometimes causing queries from UIs such as swagger to add commas into array values rather than having multiple parameters.

0.73.6

  • Upgraded to Netty 4.1.91
  • Bug fix: when a request path starts with // the request gets redirected with the extra slash removed, rather than the previous behaviour where the first path segment would be ignored.

0.73.5

  • Upgraded to Netty 4.1.89

0.73.4

  • Downgraded to Netty 4.1.84 (from 4.1.87) because versions 4.1.85 to 4.1.87 have a memory leak issue when reading request bodies.
  • JAX-RS responses over HTTP2 will ignore connection headers, as per HTTP2 spec.

0.73.3

  • Added getters to MuServerBuilder, ResourceHandlerBuilder, RestHandlerBuilder and Http2ConfigBuilder to expose the current values on those builders.

0.73.1 and 0.73.2 were not released.

0.73.0

0.72.22

  • Pre-constructed KeyStore objects can now be passed to the HttpsBuilder
  • When reading binary data from a web socket, the binary data can optionally be held and released at a later time via a new callback
  • Updated to Netty 4.1.87
  • Added Mutils.pathAndQuery(URI) method to quickly get the path with querystring from a URI.

0.72.21

  • Updated to Netty 4.1.86

0.72.20

  • mp4 files are now served with the video/mp4 content type
  • jakarta.ws.rs.ext.RuntimeDelegate.createHeaderDelegate now supports java.util.Date
  • Added io.muserver.rest.CORSConfigBuilder.toHandler so that CORS handlers can be more conveniently created from CORS config.

There were no releases for 0.72.18, and 0.72.19.

0.72.17

0.72.16

  • Updated to Netty 4.1.78

0.72.15

  • Fixed UriBuilder.uri() method to handle encoded paths and query string values

0.72.14

  • Added support for converting comma-separated X-Forwarded-* headers to Forwarded headers
  • Added MuRequest.clientIP() to get an IP address taking into account forwarded headers.

0.72.13

  • Bug fix: When a write fails, don't try to update the response state if the response state is already in an end state.

0.72.12

  • Bug fix: Made it so unhandled exception handlers that stream custom errors get closed when completed.

0.72.11

  • Bug fix: Made async SSE publishers (which includes jax-rs SseSinks) detect client disconnections and mark the publisher as closed

0.72.10

  • Allow collections of UploadedFile objects in JAX-RS method parameters to be wildcard types, primarily to make it work with Kotlin lists
  • Changed default idle timeout from 5 mins to 10 mins as it appeared to be a little too aggressive for some use cases
  • Upgraded to Netty 4.1.77

0.72.9

  • Updated to Netty 4.1.75

0.72.8

  • Added MuServerBuilder.withExceptionHandler to allow custom exception handlers

0.72.7

  • Added ability to send partial websocket messages

0.72.6

  • In web socket listeners, Continuation frames are no longer aggregated; instead an isLast parameter has been added to onBinary and onText. This is non-breaking to existing implementations in that they will just ignore the isLast flag. The existing callback functions are marked as deprecated and so implementers should move to the versions with the isLast parameter.
  • Added a few toString() methods to various classes just to make logging and debugging a bit nicer

0.72.5

  • #36 Allow JAX-RS resources to implement interfaces with default implementations
  • Fixed bug where a request body input stream closed twice would cause an exception

0.72.4

  • Fixed bug where request bodies that exceeded the maximum upload limit could leak memory for a time
  • Improved the back pressure of HTTP/2 connections when request bodies are being uploaded

There was no releases for 0.72.3.

0.72.2

  • HEAD responses that set no content-length no longer set a content-length of 0 (there should be no content-length header)

0.72.1

Versions from 0.71.4 to 0.72.0 included a change to enabled OCSP staping which was subsequently rolled back due to the reasons described here so this 0.72.1 release includes changes from 0.71.x.

  • Headers.toString() no longer prints the values of cookie, set-cookie or authorization headers in order to reduce the chance of accidentally logging potentially sensitive information (the header names are still printed however the value printed will be (hidden)). To customize (or disable) value redaction, Headers.toString(Collection<String> toSuppress) can be used.
  • Updated to Netty 4.1.72

0.71.3

  • Updated to Netty 4.1.71

0.71.2

  • Added support for JAX-RS Response.variant and Response.variants. Also, selectVariant allows qs parameters to specify server-preferred types and uses same sorting algorithm as the JAX-RS method matching algorithm
  • Made JaxRSResponse set (rather than add) headers which should only ever have one value, such as content-language

0.71.1

  • Bug fix: in JAX-RS, when SPLIT_ON_COMMA is on and an empty string is given an empty list (rather than a list with an empty string) is returned for collection parameters

0.71.0

  • Older versions of Mu Server's JAX-RS implementation automatically split string collection query string parameter values on commas, which while convenient was against the spec. This behaviour is now optional but by default the only way to specify multiple query string parameters is by having multiple name-value pairs of the parameter. In order to prevent this being a breaking change, upon starting the server if it is detected that your server may be affected then the server will not start and you will be forced to set the value of this with the RestHandlerBuilder#withCollectionParameterStrategy method.
  • Fix: Allow JAX-RS filters to change URI information and headers referenced by QueryParam and HeaderParam annotations in resource methods
  • Fix: Correct annotations are passed to custom message body readers and writers
  • Cookies can be injected as JAX-RS parameters like so: @CookieParam Cookie cookie
  • Added support for path segments and matrix parameters in JAX-RS methods
  • Allow custom annotations to be used on HTTP methods in JAX-RS (as long as they are supported by Mu Server).

The 0.70.x releases contained a breaking change that was reverted in 0.71.0 and so these releases should be skipped and ignored.

0.62.5

  • Allow JAX-RS request precondition evaluation
  • JAX-RS Content negotiation now supported
  • Allow jax-rs Request objects to be injected to methods with the @Context annotation

0.62.3 and 0.62.4 were not released.

0.62.2

  • JAX-RS entity reader interceptors can now be registered on a RestHandlerBuilder

0.62.1

This includes changes in the 0.62.0 release which was not published.

  • In OpenAPI JSON, custom schemas are now exposed in the /components/schemas section of the JSON (although it is not currently referenced elsewhere).
  • Upgraded to Netty 4.1.70
  • Path params in sub resource locators are now documented in OpenAPI JSON documents

0.61.15

  • Allow JAX-RS filters to retrieve the Mu Request and ResourceInfo objects from properties. Example: ResourceInfo resourceInfo = (ResourceInfo) requestContext.getProperty(MuRuntimeDelegate.RESOURCE_INFO_PROPERTY); (or use MuRuntimeDelegate.MU_REQUEST_PROPERTY to get the Mu Request).
  • Upgraded to Netty 4.1.69

0.61.14 was not released

0.61.13

  • Made it so when downloading a fixed-size file from the file system, but the file is being written to, then only the number of bytes that were there when the download was started will be sent (such that the content-length header won't clash with the response body size).

0.61.12

  • Upgraded to Netty 4.1.66

0.61.11 was not released

0.61.10

  • Fix: fixed bug where in certain issues HTTP2 data frames could be out of order

0.61.9

  • Fixed bug in HTTP2 back pressure handling where frames waiting in a queue when writing is paused due to back pressure could be skipped.

0.61.6, 0.61.7 and 0.61.8 were not released.

0.61.5

  • Fixed bug where during certain HTTP2 back pressure scenarios, the publishing of frames may be unduly delayed.

0.61.4 was not released.

0.61.3

  • Fixed bug where a 408 Request Timeout may be sent even when a request body is being sent data faster than the request timeout.

0.61.2

  • Fixed the completion state of request bodies which would not be marked as "complete" in certain situations.
  • Fixed bug where serving static resources from multiple classpath jars would not work.

0.61.1

This includes changes from the unpublished 0.61.0 release

  • Fixed memory leaks when using HTTP2

0.60.8

  • When a JAX-RS filter uses abortWith(Response) an exception mapper is no longer invoked with that Response mapped in a WebApplicationException.
  • Fixed bug where a response thrown in a post-match filter that didn't have a content-type set was throwing a Server exception.
  • Upgraded to Netty 4.1.63

0.60.7 was not released.

0.60.6

  • Upgraded to Netty 4.1.62

0.60.5 and 0.60.4 were not released.

0.60.3

  • JAX RS input streams are now closed even if the consumer doesn't. This prevents JAXRS requests that have unclosed input stream readers from hanging.

0.60.2

  • Allow fixed-length request body uploads that are greater than around 2.6gb (or to be specific, where the request size is greater than Integer.MAX_VALUE bytes)

0.60.1

This includes changes from the unpublished 0.60.0 version.

  • Major changes to the way IO is working under the hood to fix several back-pressure related bugs and to make transferring of data in requests and responses more efficient.
  • Allow form parameter uploads to be larger than the java heap size (when uploads are streamed to disk for example)
  • Non-alphanumeric unreserved characters (~_-.) are not percent encoded when passed to handlers. This allows non-urlencoded route declarations such as /~home
  • Added image/avif as a supported mime type
  • Fixed encoding issue where multibyte characters split over http chunks in result bodies would be corrupted when reading the body as a complete string
  • If a connection dies between submitting it to the executor and the execution starting, then it should be considered rejected due to overload.
  • Moved the websocket onConnection handler to only after an upgrade is successful
  • Fixing disconnection-during-upgrade race condition on websockets
  • Fixed oversized request bodies to be rejected correctly for various body readers
  • The web socket session end state is ERROR or TIME_OUT when the API user doesn't close the socket
  • Made JAX-RS string response size calculation more memory efficient
  • File objects can be @FormParam parameters in JAX RS methods

0.56.5

  • Rate limit buckets are now exposed in the server interface so you can see how many requests are in progress for each bucket

0.56.4

  • Upgraded to Netty 4.1.56

0.56.3

  • In JAX-RS, if a sub-resource locator method throws a web application exception, then use that for the client response

0.56.2

  • Better cancelling of in-flight requests when idle timeout hits in HTTP 1

0.56.1 contained changes in test code only.

0.56.0

  • Fix: don't send 408s if the full request has been read

0.55.6

  • Fixed bug where PKCS12 certs with no SANs could through a Null pointer exception on startup

0.55.5

  • Added support for reading and writing LocalDate, LocalDateTime, LocalTime, OffsetDateTime, OffsetTime, ZonedDateTime Year and YearMonth objects in JAX RS methods. For example you can use parameters such as @QueryParam("date") LocalDate date