3.0.0-rc-2

Published 2 October 2024

Bugfixes

• Sessions: custom SessionSerializer is no longer supported (KTOR-7442)
• Multipart/form-data: Request timeout when receiving FileItem with 3.0.0-rc-1 (KTOR-7484)
• MultiPartData.readPart does not return null when stream ends (KTOR-7500)
• Multipart/form-data: Form limit applied for binary and file items (KTOR-7356)
• Autoreload not working by default under Windows (KTOR-3031)
• HttpCache: Cache collision in the plugin when Authorization header is used (KTOR-7483)
• Gradle sync issue with kotlin-serialization 1.7.2 on 3.0.0-rc-1 (KTOR-7477)
• The ApplicationStopping event isn't raised when application is terminated with SIGINT (KTOR-7448)
• respondOutputStream reads entire contents into memory before returning response (KTOR-7461)
• UninitializedPropertyAccessException for request property when using MonitoringEvent(RoutingCallStarted) (KTOR-7449)
• Preconfigured NSURLSession causes requests to hang (KTOR-7355)
• Failures after upgrading Ktor in test server (KTOR-7431)
• InputStream.toByteReadChannel creates unattached job (KTOR-7012)
• Maven builds not working (KTOR-7425)

Improvements

• Deprecate withTestApplication APIs with ERROR and migrate to testApplication (KTOR-7284)
• Replace java.time options in Websockets plugin (KTOR-7446)
• Ktor doesn't read System properties from jvm (KTOR-7492)
• Redirect dependencies from ktor-server-test-base (KTOR-7393)
• Include relocation notes for old Ktor modules (KTOR-6826)
• ByteReadChannel.readFully(dst: ByteArray, offset: Int, length: Int) is missing since 3.0.0-beta-2 (KTOR-7427)
• ByteChannel.readUtf8Line() backwards compatibility (KTOR-7474)
• Kotlinx-io response extension (KTOR-7504)

Features

• Add multiplatform support for XML (KTOR-5085)
• Add watchosDeviceArm64 target (KTOR-6368)

3.0.0-rc-1

Published 9 September 2024

Bugfixes

• Bytecode incompatibility in AttributeKey (KTOR-7334)
• ContentEncoding: request hangs when using 3.0.0-beta-2 (KTOR-7265)
• Revert Routing API changes from Route to Routing (KTOR-7238)
• IOException: startIndex (0) > endIndex (-1) when making concurrent requests via thread pool (KTOR-7254)
• ByteReadChannel.copyTo sometimes throws "IllegalArgumentException: Buffer is empty" (KTOR-7220)
• Redirect dependencies from ktor-server-test-base (KTOR-7393)
• CIO: EmbeddedServer.stop always blocks for shutdownGracePeriod (KTOR-7360)
• SSE: the plugin doesn't follow the spec when multiline data is sent (KTOR-7391)
• Infinite creation of CancellableContinuationImpl on ByteChannel.flush (KTOR-7324)

Improvements

• Include relocation notes for old Ktor modules (KTOR-6826)
• Deprecate old jetty / tomcat / servlet engines (KTOR-7315)
• Backwards compatibility for monitor (KTOR-7264)
• ApplicationProperties naming is confusing (KTOR-7270)

Features

• staticZip: Support watching for changes and reloading of zip files (KTOR-7243)

3.0.0-beta-2

Published 15 July 2024

Bugfixes

• io.ktor.util.TextKt.chomp doesn't work on strings with more than one character (KTOR-7209)
• DefaultRequest plugin overwrites http protocol (KTOR-5586)
• Ktor build problem; cannot compile native targets (KTOR-6666)
• SSEException is thrown instead of JobCancellationException when coroutine's job is cancelled (KTOR-6571)
• SSE request drops request body (KTOR-6659)
• SSE: UnsupportedContentTypeException when sending POST request using OKHttp engine (KTOR-6911)
• SSE: NoTransformationFoundException when Logging plugin with LogLevel.ALL is used (KTOR-6912)
• Installing SSE breaks GET/POST functionality (KTOR-6614)
• Cookies with a long Max-Age incorrectly expire in AcceptAllCookiesStorage (KTOR-6646)
• Some dependency versions not tracked (KTOR-7123)
• CSRF: false positive originMatchesHost validation when default port is explicitly defined (KTOR-6701)
• Double Transfer-Encoding header while using respondOutputStream on Tomcat (KTOR-6574)

Improvements

• HttpCalValidatorConfig class name is misspelled (KTOR-6625)
• CallLogging: package is misspelled (KTOR-4273)
• Ambiguous coroutineContext warning in routing handler (KTOR-5181)
• Tracing: allow changing log level at runtime for routing (KTOR-7193)
• io.ktor.network.tls.TLSException has internal visibility (KTOR-6767)
• Auth: Make refreshToken of BearerTokens class nullable (KTOR-6928)
• Ktor test application library references internal module (KTOR-6668)
• CSRF: Confusing error message when Origin validation is enabled and only Referrer header is sent (KTOR-6702)
• CSRF: validations probably shouldn't be applied to GET/HEAD/OPTIONS requests (KTOR-6698)
• CSRF: Empty onFailure option is misleading (KTOR-6687)
• Misleading assertion message in the testEmbeddedServerCancellation test (KTOR-6657)
• Allow setting "Secure" flag for cookies on localhost (KTOR-6593)
• SSE: Unable to access response headers (KTOR-6660)
• SSE: Improve support for testing (KTOR-3290)
• OAuth handler does not propagate redirection errors to the caller (KTOR-6605)
• HttpTimeoutTest.testConnect are flaky (KTOR-1583)

Features

• Migrate to new kotlinx.io library (KTOR-6030)
• Change default session serializer to the one that uses kotlinx-serializaion (KTOR-6175)
• Replace custom withTimeout implementation using WeakTimeoutQueue with coroutines.withTimeout (KTOR-3658)
• Add Url capability: parsing/validating url strings (KTOR-360)
• SSE: Support handling HTTP failures (KTOR-6808)
• Ktor client for Kotlin/Wasm (KTOR-5587)
• CSRF protection feature (KTOR-2910)

2.3.12

Published 20 June 2024

Bugfixes

• NoSuchMethodError when using coroutines 1.9.0-RC (KTOR-7054)
• Server: Content-Type header for static js, css and svg resources misses charset (KTOR-6655)
• Embedded Linux device without iso-8859-1 and UTF-16 cannot use ktor-network (KTOR-7016)

Improvements

• Update netty to 4.1.111.Final (KTOR-7094)
• Update netty due to CVE-2024-29025 (KTOR-7014)
• Update dependency on swagger (KTOR-7019)

2.3.11

Published 8 May 2024

Bugfixes

• Test client ignores socket timeout (KTOR-6909)

2.3.10

Published 8 April 2024

Bugfixes

• CallLogging, StatusPages: response logged twice when status handler is used (KTOR-6839)
• NodeJS WebSocket client sometimes drops a frame received immediately after handshake (KTOR-6883)
• IPv6 addresses are not supported in NettyConnectionPoint and CIOConnectionPoint (KTOR-5383)
• JS browser: "Maximum call stack size exceeded" on HTTP request when targeting es2015 (KTOR-6878)
• CIO: File upload fails with NumberFormatException when uploading file larger than INT_MAX bytes (~2.1 GiB) since 2.3.0 (KTOR-6851)
• CallLogging: the plugin completely overrides MDC if at least one entry is configured (KTOR-6642)
• SSE plugin: Duplicated "Content-Type: text/event-stream" headers (KTOR-6735)
• CIO: "getSubjectAlternativeNames(...) must not be null" when IP-addresses are verified and no SAN in the certificate (KTOR-6746)

Improvements

• Inconsistent behavior of Netty and rest engines by returning null or empty string for query parameters without values (KTOR-6850)
• Android: no logs are present in Logcat with Logger.ANDROID (KTOR-1219)

2.3.9

Published 4 March 2024

Improvements

• Allow to set secure cookie even with http scheme (KTOR-3159)

Bugfixes

• ContentNegotiation: the plugin appends duplicated MIME type to Accept header (KTOR-6684)

2.3.8

Published 31 January 2024

Bugfixes

• "KeyStoreException: JKS not found" exception on Android when configuring secure connection (KTOR-6720)
• URLBuilder crashes on React Native platforms (KTOR-6576)
• CIO: Unable to perform WebSocket upgrade when Content-Type header is sent in the request (KTOR-6366)
• ContentNegotiation: Adding charset to content type of JacksonConverter breaks request matching (KTOR-6420)
• High Native Server Memory Usage (KTOR-6321)
• Server ContentNegotiation no longer allows multiple decoders for one Content-Type (KTOR-5410)
• Logging plugin blocks response body streaming when level is BODY (KTOR-6482)
• WebSockets: Confusing error message when server doesn't respond with Upgrade (KTOR-6397)
• {...} (tailcard) does not match URLs ending with '/' (KTOR-2121)
• HttpCache: NumberFormatException for cache-control with max age more than Int.MAX_VALUE (KTOR-6505)
• CORS: allowHost without the second argument doesn't allow the secure host (KTOR-6494)
• "ReferenceError: 'self' is not defined" when using URLBuilder in a custom JS engine (KTOR-5978)
• MDC diagnostic value is changed during logging of the request (KTOR-6528)
• WebSocket doesn't get terminated when runBlocking is used (KTOR-6664)
• CIO: "getSubjectAlternativeNames(...) must not be null" error on Android when using CA without SAN since 2.3.5 (KTOR-6396)
• RequestConnectionPoint should implement toString() (KTOR-6577)

2.3.7

Published 7 December 2023

Bugfixes

• Server ContentNegotiation no longer allows multiple decoders for one Content-Type (KTOR-5410)
• High Native Server Memory Usage (KTOR-6321)
• WebSockets: Confusing error message when server doesn't respond with Upgrade (KTOR-6397)
• ContentNegotiation: Adding charset to content type of JacksonConverter breaks request matching (KTOR-6420)

3.0.0-beta-1

Published 23 November 2023

Bugfixes

• OkHttp: SSE client throws confusing "Unexpected error" on non 200 status (KTOR-6390)
• Logging plugin blocks response body streaming when level is BODY (KTOR-6482)
• HttpResponseValidator consumes HTTP response body (KTOR-4225)
• CIO: Unable to perform WebSocket upgrade when Content-Type header is sent in the request (KTOR-6366)
• ContentNegotiation: Adding charset to content type of JacksonConverter breaks request matching (KTOR-6420)
• DOS via OOM due to unbound request body size (KTOR-2682)
• AcceptAllCookiesStorage ignores cookie's max-age (KTOR-2023)
• Inconsistent behavior for different engines when exception is thrown in the writer of WriteChannelContent (KTOR-3266)
• Server doesn't send a response when a status code is passed to call.respond and the custom serializer throws an exception (KTOR-6150)
• contentLength() returns null on Android (KTOR-1540)

Improvements

• Kotlin/JS: Allow passing custom Agent (KTOR-5861)
• Update Kotlin to 1.9.0 (KTOR-6123)
• Update Kotlin to 1.9.20 (KTOR-6447)
• Deprecate Locations with Level.ERROR (KTOR-6029)
• HSTS plugin hard codes port 443 (KTOR-4168)
• API to use java.nio.Path as resources (KTOR-4275)
• Ability to serve static resources from a .zip file (KTOR-6385)
• Make DefaultHeaders plugin Kotlin native compatible (KTOR-6356)
• Disable compression for SSE requests (KTOR-6327)
• Drop http timeout for sse requests (KTOR-6312)
• Add deprecations for old IO API (KTOR-6036)
• Drop old deprecations (KTOR-6262)
• Drop actual modifier for Memory class in jvm for compatibility with K2 (KTOR-6006)
• Remove @Suppress("NO_ACTUAL_CLASS_MEMBER_FOR_EXPECTED_CLASS") in preparation for Kotlin 2.0 (KTOR-5824)
• Migrate client plugins to new API (KTOR-6303)
• Jetty Server no idle timeout configuration possible (KTOR-6288)
• AttributeKey equality comparison breaks type safety (KTOR-6122)
• Darwin: Support accessing NSURLSessionDelegate (KTOR-5688)
• Remove writing multipart data to temp file (KTOR-5881)
• Netty: Allow listening only for HTTP/1.1 protocol SSL connections (KTOR-6098)
• Persistent Cookie Storage: Make Cookie.matches and Cookie.fillDefaults methods public (KTOR-6119)
• Decompressed response/request should unset Content-Encoding header (KTOR-6080)
• renderSetCookieHeader shouldn't ignore maxAge = 0 (KTOR-6007)
• Webjars plugin should include caching headers and ETag by default (KTOR-6073)
• SessionsConfig.cookie problem with reified type argument (KTOR-5905)
• Make LDAP Auth return generic Principal instead of UserIdPrincipal (KTOR-793)
• Logger name should be prefixed with io.ktor (KTOR-938)

Features

• Add Server-sent events (SSE) plugin for client and support for OkHttp engine (KTOR-505)
• Client support for SSE plugin (CIO, Apache, Java) (KTOR-5963)
• SSE plugin support in Js, Android, Curl, Darwin, WinHttp client engine (KTOR-6217)
• Add Server-sent events (SSE) plugin for server (KTOR-6172)
• Support UTF-8 BOM character (KTOR-5812)
• Support Compression of Request Body with ContentEncoding Client Plugin (KTOR-4502)