Changelog History
Page 2
-
v1.6.1 Changes
April 24, 2019๐ This release fixes a security vulnerability around session ID generation and is recommended for all users.
0๏ธโฃ The issue stems from the default session ID generator using a cryptographically weak pseudo random number generator in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs. 1.6.1 uses system entropy when generating values to make the values non determinable.
If you are using client side sessions, your application is not vulnerable as the session ID is not used.
0๏ธโฃ If you are using a version earlier than 1.6, you can fix the the issue by binding a custom
SessionIdGenerator
implementation based on the new version.Special thanks to Jonathan Leitschuh for discovering and reporting this vulnerability.
-
v1.6.0 Changes
December 21, 2018Just in time to ring in 2019, Ratpack 1.6.0 is now available!
๐ This release adds integration with additional reactive programming libraries and many improvements that allow Ratpack to integrate more seamlessly with external libraries.โฌ๏ธ The following core dependencies have been upgraded:
- Netty 4.1.22.Final โ 4.1.32.Final
- Jackson 2.9.4 โ 2.9.8
- ReactiveStreams 1.0.0.final โ 1.0.2
- Caffeine 2.4.0 โ 2.6.2
- SnakeYAML 1.18 โ 1.23
- ๐ Handlebars 4.0.6 โ 4.0.7
๐ The new
ratpack-reactor
module adds support for integrating Ratpack with Project Reactor types.๐ The new
ratpack-rx2
module adds support for integrating Ratpack with version 2 of RxJava. This is a new module to support the new types introduced in RxJava 2.0.๐ The new
ratpack-thymeleaf3
module adds support for integrating Ratpack with version 3 of Thymeleaf templating.๐ The new
ratpack-gson
module adds support for parsing request bodies and rendering responses using Google's Gson library.The new
Promise.flatOp
method allows for mapping aPromise
directly into an `Operation.The new
Promise.mapError
andPromise.flatMapError
which allow for providing a conditionalPredicate
for the mapping.๐ง The ability to configure request and response interceptors for Ratpack's
HttpClient
through theHttpClientSpec.requestIntercept
,HttpClientSpec.responseIntercept(Action)
,HttpClientSpec.responseIntercept(Operation)
, andHttpClientSpec.errorIntercept
methods.Create a new
HttpClient
instance by by inheriting from another instance using theHttpClient.copyWith
method.๐ Improvements in Ratpack's integration with Retrofit by allowing the underlying
HttpClient
to be specified with theRatpackRetrofit.Builder.httpClient
method. This allows for utilizing Retrofit outside of a Ratpack HTTP request (e.g. from a background service)Forked executions can now obtain references to their parent executions through the
Execution.getParent()
and [Execution.maybeParent()
] (https://ratpack.io/manual/1.6.0/api/ratpack/exec/Execution.html#maybeParent--) methods.0๏ธโฃ Applications can now register their own JVM shutdown hook to perform custom behaviors instead of Ratpack's default hook. Applications using a custom hook can disabled the default hook by setting
ServerConfigBuilder.registerShutdownHook(false)
๐ The
ratpack-dropwizard-metrics
module now supports exporting metrics to Prometheus (DropwizardMetricsConfig.prometheusCollection(true)
) and collecting metrics onByteBuf
(DropwizardMetricsConfig.byteBufAllocator(Action)
) andHttpClient
(DropwizardMetricsConfig.httpClient(Action)
)๐ There are also many other new convenience methods, bug fixes and generally cool stuff added in this release.
Thanks to all who contributed.We hope you enjoy Ratpack 1.6.
--
Team Ratpack
-
v1.6.0-rc Changes
December 20, 2018๐ > These are the release notes for a Ratpack 1.6.0 release candidate.
๐ > Please see the pending release notes for the final release for the complete list of closed issues.๐ This fourth release candidate of Ratpack 1.6 fixes:
-
v1.5.4 Changes
September 17, 2018๐ This release includes some minor bug fixes and performance improvements. Please see the issue list below for details. This upgrade is recommended for everyone using 1.5.x.
-
v1.5.3 Changes
September 17, 2018๐ This release includes some minor bug fixes and performance improvements. Please see the issue list below for details. This upgrade is recommended for everyone using 1.5.x.