All Versions: 72
Latest Version
Avg Release Cycle: 88 days
Latest Release: 69 days ago

Changelog History

  • v4.121.4 Changes

    April 10, 2026

    What's Changed

    Fix Response Compression Bug when Content Type header is empty by @0xTim in #3453

    Fixes a bug in the response compression pipeline where the response would be compressed, even if response compression is disabled, if no content-type header was set for the response.

    This patch was released by @0xTim

    Full Changelog : 4.121.3...4.121.4

  • v4.121.3 Changes

    February 24, 2026

    What's Changed

    Parse directives from all Cookie headers, not just the first by @gwynne in #3436

    Fixes #3435.

    Reviewers

    Thanks to the reviewers for their help:

    This patch was released by @0xTim

    Full Changelog : 4.121.2...4.121.3

  • v4.121.2 Changes

    February 10, 2026

    What's Changed

    Add Sendable conformance to application testing Method type by @tib in #3424

    This PR adds Sendable conformance to the Method type in the VaporTestUtils target.

    New Contributor

    • @tib made their first contribution in #3424

    This patch was released by @0xTim

    Full Changelog : 4.121.1...4.121.2

  • v4.121.1 Changes

    January 14, 2026

    What's Changed

    Do not create a session if no cookie was provided by @czechboy0 in #3372

    Summary

    When using SessionsMiddleware and a custom AsyncSessionAuthenticator together, we were seeing that even in cases when no cookie is provided in the request, and no error was thrown by e.g. a guard middleware or the handler, we were still seeing a set-cookie header in the response, which isn't desired.

    This led to many sessions created in the sessions driver for calls that didn't require authentication, nor did it provide any.

    This seemed to be a side effect of the way AsyncSessionAuthenticator checked if the session already contained an authenticated value - by using the getter request.session, a session was created lazily.

    The fix is to prepend a check to request.hasSession and only use request.session... if one indeed exists.

    Test Plan

    A regression test was added which exercises this scenario - and it fails without the fix.

    This patch was released by @0xTim

    Full Changelog : 4.121.0...4.121.1
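
A toy model of the side effect described in the v4.121.1 notes above, added here as an illustration and not taken from Vapor's source or from the PR. It shows why reading a lazily created session during authentication fills the session store for anonymous traffic, and how checking `hasSession` first avoids it. Only `hasSession` and `session` mirror names on the page; every other name is hypothetical.

```swift
// Toy model added for illustration; not Vapor source. ToyDriver, ToyRequest,
// authenticateBefore/authenticateAfter and simulate are hypothetical names.
final class ToyDriver {
    private(set) var store: [String: [String: String]] = [:]
    func create() -> String {
        let id = "sess-\(store.count + 1)"  // constructed ID, demo only
        store[id] = [:]
        return id
    }
    func read(_ id: String) -> [String: String]? { store[id] }
}

final class ToyRequest {
    private let driver: ToyDriver
    private var id: String?
    init(cookie: String?, driver: ToyDriver) {
        self.driver = driver
        if let c = cookie, driver.read(c) != nil { id = c }
    }
    var hasSession: Bool { id != nil }
    // Lazy getter: merely reading it allocates a session when none exists.
    var session: String {
        if let existing = id { return existing }
        let new = driver.create()
        id = new
        return new
    }
}
// Pre-fix shape: the lookup touches the lazy getter unconditionally.
func authenticateBefore(_ req: ToyRequest, _ driver: ToyDriver) -> String? {
    driver.read(req.session)?["user"]
}
// Post-fix shape: check hasSession first, as the release notes describe.
func authenticateAfter(_ req: ToyRequest, _ driver: ToyDriver) -> String? {
    guard req.hasSession else { return nil }
    return driver.read(req.session)?["user"]
}
// Model assumption: a Set-Cookie goes out whenever the request holds a session.
func simulate(_ count: Int, _ auth: (ToyRequest, ToyDriver) -> String?) -> (sessions: Int, setCookies: Int) {
    let driver = ToyDriver()
    var setCookies = 0
    for _ in 0..<count {
        let req = ToyRequest(cookie: nil, driver: driver)  // no Cookie header
        _ = auth(req, driver)
        if req.hasSession { setCookies += 1 }
    }
    return (driver.store.count, setCookies)
}
print("before fix:", simulate(1000, authenticateBefore))
print("after fix: ", simulate(1000, authenticateAfter))
```

In the pre-fix shape every cookieless request leaves one entry in the store, so session storage grows with unauthenticated traffic; a regression test for this class of bug can assert that a response to a cookieless request carries no set-cookie header.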

  • v4.121.0 Changes

    January 05, 2026

    What's Changed

    The RouteNotFound that is used when the router finds nothing is now public by @fizker in #3326

    When no routes match the current request, DefaultResponder throws the RouteNotFound error.

    This PR makes that error public, allowing any middleware to handle that specific scenario.

    Unlike the CatchAll route **, a middleware catching the RouteNotFound works across all HTTP methods automatically.

    This would be used in a middleware like so:

        import Vapor

        public struct CatchAllMiddleware: AsyncMiddleware {
            public func respond(to request: Request, chainingTo next: any AsyncResponder) async throws -> Response {
                do {
                    return try await next.respond(to: request)
                } catch is RouteNotFound {
                    // No route was found, so this would normally result in a 404.
                    // We can now handle this like any other request.
                    // Or we can treat it like an ErrorMiddleware where we
                    // log purposeful 404s different than RouteNotFound 404s.
                    ...
                }
            }
        }

    This patch was released by @0xTim

    Full Changelog : 4.120.0...4.121.0

  • v4.120.0 Changes

    December 12, 2025

    What's Changed

    Fix compatibility with swift-log 1.8.0 and later by @gwynne in #3412

    swift-log introduced CustomStringConvertible and LosslessStringConvertible conformances on Logger.Level which cause build errors by conflicting with our implementations, so ours are now gone.

    Reviewers

    Thanks to the reviewers for their help:

    This patch was released by @gwynne

    Full Changelog : 4.119.2...4.120.0

  • v4.119.2 Changes

    November 11, 2025

    What's Changed

    Fix parallel build failures on platforms with Glibc by @simonjbeaumont in #3393

    Motivation

    Since adding MemberImportVisibility, when Vapor is compiled in highly parallel environments it fails with high probability:

        % git rev-parse HEAD
        ac3aeb7730b63f4f54248603c38137b551b465c7
        % rm -rf .build ~/.cache/org.swift.swiftpm/manifests/ && swift build -j 64
        ...
        Building for debugging...
        /pwd/Sources/Vapor/Utilities/String+IsIPAddress.swift:10:24: error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#MemberImportVisibility]
         1 | import Foundation
         2 | import NIOCore
         3 | #if canImport(Android)
           | - note: add import of module 'CNIOLinux'
         4 | import Android
         5 | #endif
           :
         8 | func isIPAddress() -> Bool {
         9 | // We need some scratch space to let inet_pton write into.
        10 | var ipv4Addr = in_addr()
           |- error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#MemberImportVisibility]
        11 | var ipv6Addr = in6_addr()
        12 |
        ---
        [ similar error for in6_addr t…

    This patch was released by @0xTim

    Full Changelog : 4.119.1...4.119.2

  • v4.119.1 Changes

    November 10, 2025

    What's Changed

    Fix a couple of import issues by @0xTim in #3390

    Fixes a couple of import issues seen recently:

    • Sendable error with TOTP types on old macOS SDKs - CryptoKit types have Sendable annotations from Xcode 16.3 (Swift 6.1). If trying to compile on older versions of Xcode, which we support, you get an error in Swift 6 mode.
    • Some UBI9 based images complain about a missing import for CNIOLinux.

    This patch was released by @gwynne

    Full Changelog : 4.119.0...4.119.1

  • v4.119.0 Changes

    November 05, 2025

    What's Changed

    Expose peer certificates in request handlers by @josephnoir in #3362

    Additional certificate information can be relevant in mTLS deployments. This PR exposes the certificate chain of the peer per request. In contrast to #3352, this includes not just the leaf but the validated peer certificate chain, i.e., the certificates that establish trust of the peer identity from the leaf to (and including) the root certificate.

    The validated certificate chain is only available when setting a custom verification callback with metadata. Configuration of this callback is made available in this PR. It also adds a dependency on swift-certificates to use X509.ValidatedCertificateChain for the certificate chain.

    Example usage:

        app.get { req async in
            if let chain = req.peerCertificateChain {
                return "I am trusting you because I trust: \(chain.root.description)"
            } else {
                return "I am not trusting you."
            }
        }

    I suggest closing #3352 in favor of this PR.

    This patch was released by @0xTim

    Full Changelog : 4.118.0...4.119.0

  • v4.118.0 Changes

    November 04, 2025

    What's Changed

    Update minimum Swift version to 6.0 by @gwynne in #3365

    Clean up all the relevant #if conditionals, add theme settings to the API documentation, and clean up the tests. (FileTests and AsyncFileTests no longer crash on ten different force-unwraps when #file (now #filePath) is inaccessible.)

    The tests now also build and pass on iOS, watchOS, tvOS, and visionOS.

    Reviewers

    Thanks to the reviewers for their help:

    This patch was released by @0xTim

    Full Changelog : 4.117.2...4.118.0