All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
v1.10.1 - 2023-11-28
- Server errors are no longer serialized back to the client since this might leak sensitive information through the error message. (#1126)
- When
show
ingHTTP.Request
andHTTP.Response
the values for the headersAuthorization
,Proxy-Authorization
,Cookie
, andSet-Cookie
are masked with*
s since they might include sensitive information. (#1127)
- Restrict
HTTP.isredirect
to arguments of integer types. (#1117) - Fix
HTTP.getcookies
error when key doesn't exist. (#1119)
v1.10.0 - 2023-09-18
- Don't retry on internal exceptions. (#1110)
- Fix logging of errors to stringify instead of passing as exception keyword. (#1092)
v1.9.16 - 2023-10-02
- Backport of #1092.
v1.9.15 - 2023-09-10
v1.9.14 - 2023-07-12
- Revert multithreaded connection attempts. (#1078)
v1.9.13 - 2023-07-12
- Don't acquire IO lock within the connection lock. (#1077)
v1.9.12 - 2023-07-12
- Fix keepalive related bug introduced in 1.9.8.
v1.9.11 - 2023-07-11
- Make sure connection timeout doesn't count the time for lock-acquiring. (#1075)
- Update the default connection timeout from 60 to 30 seconds. (#1075)
v1.9.10 - 2023-07-10
- Update the default connection timeout from 10 to 60 seconds.
v1.9.9 - 2023-07-10
- Ensure unused TCP connections are closed. (#1073)
v1.9.8 - 2023-06-29
- Try to connect to all adresses in parallel when establishing a connection. (#1068)
v1.9.7 - 2023-06-22
- Integrate with ExceptionUnwrapping.jl (#1065)
v1.9.6 - 2023-05-27
- Allow retries if captured exception is recoverable. (#1057)
v1.9.5 - 2023-05-19
- Make sure
set_default_connection_limit
usage applies also to already existing global pools. (#1053)
v1.9.4 - 2023-05-14
- Fix usage of the lock added in v1.9.3. (#1049).
v1.9.3 - 2023-05-14
- Add another missing lock for updating request context (#1048).
v1.9.2 - 2023-05-13
- Add missing locks for updating request context (#1046).
v1.9.1 - 2023-05-11
- Fix issue where error response body wasn't being set when readtimeout is specified. (#1044)
v1.9.0 - 2023-05-11
- The default TLS library have been changed from MbedTLS to OpenSSL. (#1039)
- Use
Threads.@spawn
instead of@async
in various places. (#1039)
v1.8.1 - 2023-05-09
- Fix use of undefined variable in timeout code. (#1043)
v1.8.0 - 2023-04-27
- Overload
URIs.queryparams
forHTTP.Request
andHTTP.Response
. (#1012)
- Request bodies as dictionaries have been widened from
Dict
toAbstractDict
. (#1029) - The connection pool implementation have been extracted to the ConcurrentUtilities.jl package. (#1034)
- Remove unused
IniFile
dependency. (#1013) - Write cookie separator with a space. (#1016)
- Parse
set-cookie
expire with a trailing GMT. (#1035)
v1.7.4 - 2023-01-24
- Fix a segfault related to missing locks in calls to libuv. (#999)
v1.7.2 - 2023-01-13
HTTP.download
now automatically decompresses gzip'd content (similar toHTTP.request
). (#986)
- Release old connections from the correct socket pool. (#998)
v1.7.1 - 2023-01-12
- Allow the keyword argument
retry_delays
to be of any type (not justExponentialBackOff
). (#993) - Remove the default 60 second read timeout, and reduce default connection timeout to 10 seconds. (These were added in 1.7.0.) (#994)
v1.7.0 - 2023-01-12
- Allow passing pre-allocated buffer for response body. (#984)
HTTP.StatusCodes
module/namespace with all HTTP status code and corresponding status texts. (#982)
- Add a default timeout of 60 seconds client side .(#992)
- The default value of
keepalive::Bool
for TCP connections have been updated totrue
. (#991)
- Parametrize the internal Connection type on the socket type to avoid some type instabilities. (#983)
- Account for response status when retrying. (#990)
v1.6.3 - 2023-01-03
- Slightly reduce memory allocations when reading/writing HTTP messages. (#950)
- Set line info for the
@clien
macro to the macro call site. (#981)
v1.6.2 - 2022-12-15
- Pass the response body as argument to the
retry_check
user function introduced in 1.6.0. (#976)
v1.6.1 - 2022-12-14
- Fix a bug related to response bodies not being set after StatusError exceptions. (#975)
v1.6.0 - 2022-12-11
- Configurable retry logic through the
retry_delays
andretry_check
keyword arguments ofHTTP.request
and similar methods. (#974)
- Do not turn
HEAD
requests toGET
by default through redirects. (#967) - Fix some thread-related caches for interactive threadpools. (#972)
v1.5.5 - 2022-11-18
- Allow retrying requests after write failures. (#964)
v1.5.4 - 2022-11-14
- Update
[compat]
to allow LoggingExtras.jl version 1. (#963)
v1.5.3 - 2022-11-09
- Use
@sync
instead of@spawn
when interactive threads are not supported. (#960)
v1.5.2 - 2022-11-03
- The server task is spawned on an interactive thread if available. (#955)
- Fix a bug related to rethrowing exceptions in timeout handling. (#942)
v1.5.1 - 2022-10-20
- Number of retries is recorded in the request context. (#946)
- Fix socket type for ssl upgrade when the the protocals differ. (#943)
v1.5.0 - 2022-10-17
- The function
HTTP.set_default_connection_limit!(::Int)
have been added. (#940)
- Various fixes to the optional OpenSSL integration. (#941)
v1.4.1 - 2022-10-11
- Fix
DEBUG_LEVEL
handling to propagate to the logger correctly. (#929) - Fix a server side crash when issuing HTTP request to a HTTPS server. (#934, #935)
v1.4.0 - 2022-09-22
- Support for using OpenSSL for TLS connections. MbedTLS is still the default. (#928)
- Fix vararg function definition of
HTTP.head
.
v1.3.3 - 2022-08-26
- Revert faulty bugfix from previous release. (#914)
v1.3.2 - 2022-08-25
- Fix a bug in idle connection monitoring. (#912)
v1.3.1 - 2022-08-24
- Fix a bug related to read timeouts. (#911)
v1.3.0 - 2022-08-24
HTTP.listen!
now support the keyword argumentlistenany::Bool
to listen to any available port. The resulting port can be obtained from the returnedServer
object byHTTP.port
. (#905)- Gzip decompression of request bodies can now be forced by passing
decompress=true
toHTTP.request
. (#904)
- Fix a stack overflow error in
HTTP.download
when the URI had a trailing/
. (#897) - Fix a bug related to not accounting for timeouts correctly. (#909, #910)
v1.2.1 - 2022-08-10
- Fix an bug in idle connection monitoring. (#901)
v1.2.0 - 2022-07-18
- Add ability to "hook" a middleware into Router post-matching. (#886)
v1.1.0 - 2022-07-17
- The response body is now preserved when retrying/redirecting. (#876)
HTTP.getparam
has been added to fetch one routing parameter (in addition to the existingHTTP.getparams
). (#880)HTTP.removeheader
has been added. (#883)
- The acquire/release usage from the connection pool have been adjusted to fix a possible hang when concurrently issuing a large number of requests. (#882)
- A bug in the connection reuse logic has been fixed. (#875, #885)
v1.0.5 - 2022-06-24
- Store the original registered route path when Router matches. (#866)
- Fix use of undefined variable in cookie-code. (#867)
v1.0.4 - 2022-06-21
- Ensure underlying Connection gets closed in websocket close sequence. (#865)
v1.0.3 - 2022-06-21
- Ensure a Request accounts correctly for isredirect/retryable. (#864)
v1.0.2 - 2022-06-20
- Fix some issues with automatic gzip decompression. (#861)
v1.0.1 - 2022-06-19
- Fix
HTTP.listen
with providec TCP server. (#857) - Add some deprecation warnings to help upgrade from 0.9.x to 1.0.x. (#858)
v1.0.0 - 2022-06-19
- The response body for responses with
Content-Encoding: gzip
are now automatically decompressed. Passdecompress=false
toHTTP.request
to disable. (#838) HTTP.parse_multipart_form
can now parse responses (as well as requests). (#817)HTTP.listen!
has been added as a non-blocking version ofHTTP.listen
. It returns aServer
object which supportswait
,close
andforceclose
. See documentation for details. (#854)
- HTTP.jl no longer calls
close
on streams given with theresponse_stream
keyword argument toHTTP.request
and friends. If you relied on this behavior you now have to do it manually, e.g.(#543, #752, #775).io = ... HTTP.request(...; response_stream = io) close(io)
- The internal client request layer stack have been reworked to be value based instead of type based. This is breaking if you implement custom layers but not for regular client usage. Refer to the documentation for how to update. (#789)
- The server side Handlers/Router framework have been reworked. Refer to the documentation for how to update. (#818)
- The default value (optional third argument) to
HTTP.header
can now be of any type (not justAbstractString
). (#820) - HTTP.jl now attempts to reencode malformed, non-ascii, headers from Latin-1 to UTF-8. (#830)
- Headers with the empty string as their value are now omitted from requests (this matches
the behavior of e.g.
curl
). (#831) - Requests to localhost are no longer proxied. (#833)
- The cookie-code have been reworked. In particular it is now safe to use concurrently. (#836)
- The websockets code have been reworked. (#843)
- HTTP.jl exception types are now more consistent. (#846)
- Support for "pipelined requests" have been removed in the client implementation. The
keyword arguments to
HTTP.request
related to this feature (pipeline_limit
andreuse_limit
) are now ignored (#783).
v0.9.17 - 2021-11-17
- Correctly throw an
EOFError
if the connection is closed with remaining bytes to be transferred (#778, #781).
v0.9.16 - 2021-09-29
See changes for 0.9.15: this release is equivalent to 0.9.15 with #752 reverted. #752 might be included in a future breaking release instead, see #774.
v0.9.15 - 2021-09-27
Note: This release have been pulled back since #752 turned out to be breaking.
- Reverted in 0.9.16
HTTP.jl no longer calls
close
on streams given with theresponse_stream
keyword argument toHTTP.request
and friends. If it is required to close the stream after the request you now have to do it manually, e.g.(#543, #752).io = ... HTTP.request(...; response_stream = io) close(io)
- The
Content-Type
header for requests withHTTP.Form
bodies is now automatically set also forPUT
requests (just likePOST
requests) (#770, #740).
- Fix faulty error messages from an internal macro (#753).
- Silence ECONNRESET errors on more systems (#547, #763, #764).
- Use
Content-Disposition
from original request in case of a 3xx response (#760, #761). - Fix cookie handling to be case-insensitive for
Set-Cookie
headers (#765, #766).
v0.9.14 - 2021-08-31
- Improved memory use and performance of multipart parsing (#745).
v0.9.13 - 2021-08-01
- The call stack now has a
TopLayer
inserted at the top to simplify adding new layers at the top (#737).
v0.9.12 - 2021-07-01
- Fix a JSON detection issue in
HTTP.sniff
for negative numeric values (#730).
v0.9.11 - 2021-06-30
- "Connection closed by peer" errors are now emitted as
Debug
-level messages (instead ofError
-level) (#727).
- Fix websocket disconnection errors (#723).
- Reduced allocations for some internals functions used for e.g. header comparison (#725).
v0.9.10 - 2021-05-30
- Fix access logging to also log internal server errors (#717).
- Fix a possible crash in access logging of remote IP when the connection have been closed (#718).
v0.9.9 - 2021-05-23
- Access logging functionality to
HTTP.listen
andHTTP.serve
(#713).
- Include
Host
header forCONNECT
proxy requests (#714).
v0.9.8 - 2021-05-02
- URLs are now checked for missing protocol and hostname when making requests (#703).
- Fix an issue where relative HTTP 3xx redirects would not resolve the new URL correctly by upgrading the URIs dependency (#707).
- Fix automatic detection of filename in
HTTP.download
to (i) not include any query parameters and (ii) use the original request URL instead of any redirect URLs (#706).
- Improvements to internal allocation of buffers to decrease package load time (#704).
v0.9.7 - 2021-04-28
- Implement
Sockets.getpeername(::HTTP.Stream)
for getting the client IP address and port from aHTTP.Stream
(#702).
v0.9.6 - 2021-04-27
- New function
HTTP.statustext
for getting the string representation of a HTTP status code (#688). - New exception
ReadTimeoutError
which is thrown for request that time out (#693).
- Un-deprecate
HTTP.status
,HTTP.headers
,HTTP.body
,HTTP.method
, andHTTP.uri
(#682).
- Fixes and improvements to rate limiting in
HTTP.listen
andHTTP.serve
(#701).
v0.9.5 - 2021-02-23
- Fix implicitly added
Host
header forHTTP.request
(and friends) to include the port for non-standard ports (#680).
v0.9.4 - 2021-02-23
- NetworkOptions.jl's
verify_host
is now used for the default value for host verification (#678).
- Ignore
HTTP_PROXY
andHTTPS_PROXY
environment variables if they are set to the empty string (#674). - When trying to establish a connection, try all IP addresses found for the host instead of just the first one (#675).
v0.9.3 - 2021-02-10
- New keyword
max_connections::Int
toHTTP.listen
for specifying maximum value of concurrent active connections (#647).
- The header
Accept: */*
is now added by default forHTTP.request
and friends (this mirrors the behavior of e.g.curl
and Python'srequest
) (#666).
v0.9.2 - 2020-12-22
- If a proxy specification includes userinfo it is now added as the
Proxy-Authorization: Basic XXX
header (#640).
- Proxy specifications using the environment variables
HTTP_PROXY
/HTTPS_PROXY
are now checked, previously only the lowercase versionshttp_proxy
/https_proxy
where checked (#648).
v0.9.1 - 2020-12-04
- TCP connections are now flushed on
closewrite
which can improve latency in some cases (#635). - Callbacks to
HTTP.listen
that never callsstartwrite
now throw and return500 Internal Server Error
to the client (#636). closebody
does not error if closing bytes could not be written (#546).
v0.9.0 - 2020-11-12
- New keyword argument
on_shutdown::Union{Function,Vector{Function}}
toHTTP.listen
/HTTP.serve
for registering callback function to be run at server shutdown (#599). - New functions
insert_default!
andremove_default!
for inserting/removing layers in the default stack (#608). - New keyword argument
boundary
toHTTP.Form
for specifying the boundary for multipart requests (#613, #615).
- The internal
HTTP.URIs
module have been factored out to an independent package whichHTTP.jl
now depends on (#616).
- Fix a formatting bug in progress reporting in
HTTP.download
(#601). - Fix a case where bad HTTPS requests to would cause the HTTP.jl server to throw (#602).
- The correct host/port is now logged even if the server is provided with the
server
keyword argument toHTTP.listen
/HTTP.serve
(#611). - Fix some outdated internal calls that would throw when passing a
connect_timeout
toHTTP.request
and friends (#619).