View Source Changelog

1.2.3 (23 Feb 2024)

Changes

  • Log port number when listen fails (#312, thanks @jonatanklosko!)
  • Accept mixed-case keepalive directives (#308, thanks @gregors!)

1.2.2 (16 Feb 2024)

Changes

  • Reset Logger metadata on every request

1.2.1 (12 Feb 2024)

Changes

  • Disable logging of unknown messages received by an idle HTTP/1 handler to avoid noise on long polling clients. This can be changed via the log_unknown_messages http_1 option (#299)

1.2.0 (31 Jan 2024)

Enhancements

  • Automatically pull in :otp_app value in Bandit.PhoenixAdapter (thanks @krns!)
  • Include response body metrics for HTTP/1 chunk responses

Fixes

  • Fix broken HTTP/1 inform/3 return value (thanks @wojtekmach!)
  • Maintain HTTP/1 read timeout after receiving unknown messages

1.1.3 (12 Jan 2024)

Fixes

  • Do not send a fallback response if the plug has already sent one (#288 & #289, thanks @jclem!)

Changes

  • Packagaing improvements (#283, thanks @wojtekmach!)

1.1.2 (20 Dec 2023)

Fixes

  • Fix support for proplist-style arguments (#277, thanks @jjcarstens!)
  • Speed up WebSocket framing (#272, thanks @crertel!)
  • Fix off-by-one error in HTTP2 sendfile (#269, thanks @OrangeDrangon!)
  • Improve mix file packaging (#266, thanks @patrickjaberg!)

1.1.1 (14 Nov 2023)

Fixes

  • Do not advertise disabled protocols via ALPN (#263)

1.1.0 (2 Nov 2023)

Changes

  • Messages sent to Bandit HTTP/1 handlers no longer intentionally crash the handler process but are now logged in the same manner as messages sent to a no-op GenServer (#259)
  • Messages regarding normal termination of monitored processes are no longer handled by the WebSocket handler, but are now passed to the configured WebSock.handle_info/2 callback (#259)

Enhancements

  • Add support for Phoenix.Endpoint.server_info/1 (now in Phoenix main; #258)
  • Add support for :max_heap_size option in WebSocket handler (introduced in websock_adapter 0.5.5; #255, thanks @v0idpwn!)

1.0.0 (18 Oct 2023)

Changes

  • Remove internal tracking of remote max_concurrent_streams setting (#248)

1.0.0-pre.18 (10 Oct 2023)

Fixes

  • Fix startup when plug module has not yet been loaded by the BEAM

1.0.0-pre.17 (9 Oct 2023)

Enhancements

  • Support function based plugs & improve startup analysis of plug configuration (#236)
  • Improve keepalive support when Plug does not read request bodies (#244)
  • Improve logic around not sending bodies on HEAD requests (#242)

Changes

  • Internal refactor of WebSocket validation (#229)

1.0.0-pre.16 (18 Sep 2023)

Changes

  • Use protocol default port in the event that no port is provided in host header (#228)

Fixes

  • Improve handling of iolist response bodies (#231, thanks @travelmassive!)

1.0.0-pre.15 (9 Sep 2023)

Fixes

  • Fix issue with setting remote IP at connection startup (#227, thanks @jimc64!)

1.0.0-pre.14 (28 Aug 2023)

Enhancements

Changes

  • Plug.Conn function calls must come from the process on which Plug.call/2 was called (#217, reverts #117)

1.0.0-pre.13 (15 Aug 2023)

Enhancements

  • Add ability to send preamble frames when closing a WebSock connection (#211)

1.0.0-pre.12 (12 Aug 2023)

Fixes

  • Bump ThousandIsland to 1.0.0-pre.7 to fix leaking file descriptors on Plug.Conn.sendfile/5 calls (thanks @Hermanverschooten!)

1.0.0-pre.11 (11 Aug 2023)

Changes

  • BREAKING CHANGE Move conn value in telemetry events from measurements to metadata

Enhancements

  • Add method, request_target and status fields to telemetry metadata on HTTP stop events
  • Improve RFC compliance regarding cache-related headers on deflated responses (#207, thanks @tanguilp!)
  • Bump to Thousand Island 1.0.0-pre.6
  • Doc improvements (particularly around implementation notes)
  • Typespec improvements (thanks @moogle19!)

1.0.0-pre.10 (28 Jun 2023)

Enhancements

  • Add support for Plug.Conn.inform/3 on HTTP/1 connections (#180)
  • Add support for h2c upgrades (#186, thanks @alisinabh!)
  • Internal refactoring of HTTP/1 content-length encoded body reads (#184, #190, thanks @asakura & @moogle19!)

Changes

  • Bump Thousand Island to 1.0.0-pre.6 (gaining support for suspend/resume API)
  • Drop Elixir 1.12 as a supported target (it should continue to work, but is no longer covered by CI)

Fixes

  • Fix crash when Plug used Plug.Conn.get_peer_data/1 function on HTTP/1 connections (#170, thanks @moogle19!)
  • Fix port behaviour when connecting over unix socket (#176, thanks @asakura & @ibarchenkov!)

1.0.0-pre.9 (16 Jun 2023)

Changes

  • Use new ThousandIsland APIs for socket info (#167, thanks @asakura!)

Fixes

  • Handle nil connection close reason when closing a WebSocket

1.0.0-pre.8 (15 Jun 2023)

Fixes

  • Further improve logging on WebSocket upgrade errors (#149)

1.0.0-pre.7 (14 Jun 2023)

Enhancements

  • Refactor HTTP/1 read routines (#158 & #166, thanks @asakura!)
  • Improve logging on WebSocket upgrade errors (#149)

Changes

  • Override any content-length headers that may have been set by Plug (#165)
  • Send content-length on HTTP/2 responses where appropriate (#165)

Fixes

  • Send correct content-length header when sending deflated response (#151)
  • Do not attempt to deflate if Plug sends a content-encoding header (#165)
  • Improve corner case handling of content-length request header (#163, thanks @ryanwinchester!)
  • Handle case where ThousandIsland returns error tuples on some helper routines (#162)

1.0.0-pre.6 (8 Jun 2023)

Changes

  • Always use the declaed scheme if declared in a request-line or :scheme pseudo-header (#159)
  • Internal tidying (thanks @asakura!)

1.0.0-pre.5 (2 Jun 2023)

Enhancements

  • Total overhaul of typespecs throughout the library (thanks @asakura!)

1.0.0-pre.4 (23 May 2023)

Enhancements

  • Performance / correctness improvements to header length validation (#143, thanks @moogle19!)
  • Performance improvements to host header port parsing (#145 & #147, thanks @ryanwinchester!)
  • Improve WebSocket upgrade failure error messages to aid in diagnosis (#152)

Changes

  • Consolidate credo config (#146, thanks @ryanwinchester!)

Fixes

  • Fix error in suggested version dependencies during 1.0-pre series (#142, thanks @cvkmohan!)

1.0.0-pre.3 (3 May 2023)

Enhancements

  • Respect read timeout for HTTP/1 keepalives (#140)
  • Support Websock 0.5.1, including support for optional WebSock.terminate/2 (#131)

Changes

  • Use Req instead of Finch in tests (#137)
  • Improve a few corner cases in tests (#136)

1.0.0-pre.2 (24 Apr 2023)

Fixes

  • Don't require transport_options to be a keyword list (#130, thanks @justinludwig!)

1.0.0-pre.1 (21 Apr 2023)

Changes

  • Update Thousand Island dependency to 1.0-pre

Changelog for 0.7.x

0.7.7 (11 Apr 2023)

Changes

  • Bandit will now raise an error at startup if no plug is specified in config (thanks @moogle19!)

Fixes

  • Fix crash at startup when using otp_app option (thanks @moogle19!)
  • Minor doc formatting fixes

0.7.6 (9 Apr 2023)

Changes

  • BREAKING CHANGE Rename top-level options field to thousand_island_options
  • BREAKING CHANGE Rename deflate_opts to deflate_options where used
  • Massive overhaul of documentation to use types where possible
  • Bandit now uses a term of the form {Bandit, ref()} for id in our child spec
  • Bumped to Thousand Island 0.6.7. num_connections is now 16384 by default

Enhancements

  • Added top level support for the following convenience parameters:
    • port can now be set at the top level of your configuration
    • ip can now be set at the top level of your configuration
    • keyfile and certfile can now be set at the top level of your configuration
  • Transport options are now validated by Plug.SSL.configure/1 when starting an HTTPS server
  • Rely on Thousand Island to validate options specified in thousand_island_options. This should avoid cases like #125 in the future.

0.7.5 (4 Apr 2023)

Changes

  • Drop explicit support for Elixir 1.11 since we no longer test it in CI (should still work, just that it's now at-your-own-risk)
  • Add logo to ex_doc and README

Fixes

  • Allow access to Thousand Island's underlying shutdown_timeout option
  • Fix test errors that cropped up in OTP 26

0.7.4 (27 Mar 2023)

Changes

  • Calling Plug.Conn adapter functions for HTTP/2 based requests are no longer restricted to being called from the process which called Plug.call/2

Enhancements

  • Added startup_log to control whether / how Bandit logs the bound host & port at startup (Thanks @danschultzer)
  • Improved logging when the configured port is in use at startup (Thanks @danschultzer)
  • Update to Thousand Island 0.6.5

0.7.3 (20 Mar 2023)

Enhancements

  • Added advanced handler_module configuration option to options

Fixes

  • Support returning x-gzip as negotiated content-encoding (previously would negotiate a request for x-gzip as gzip)

0.7.2 (18 Mar 2023)

Enhancements

  • Added HTTP compression via 'Content-Encoding' negotiation, enabled by default. Configuration is available; see Bandit docs for details

Changes

  • Minor refactor of internal HTTP/2 plumbing. No user visible changes

0.7.1 (17 Mar 2023)

Changes

  • Update documentation & messaging to refer to RFC911x RFCs where appropriate
  • Validate top-level config options at startup
  • Revise Phoenix adapter to support new config options
  • Doc updates

0.7.0 (17 Mar 2023)

Enhancements

  • Add configuration points for various parameters within the HTTP/1, HTTP/2 and WebSocket stacks. See Bandit docs for details

Changelog for 0.6.x

0.6.11 (17 Mar 2023)

Changes

  • Modified telemetry event payloads to match the conventions espoused by :telemetry.span/3
  • Default shutdown timeout is now 15s (up from 5s)

Enhancements

  • Update to Thosuand Island 0.6.4 (from 0.6.2)

0.6.10 (10 Mar 2023)

Enhancements

  • Support explicit setting of WebSocket close codes & reasons as added in WebSock 0.5.0

0.6.9 (20 Feb 2023)

Enhancements

  • Add comprehensive Telemetry support within Bandit, as documented in the Bandit.Telemetry module
  • Update our ThousandIsland dependnecy to pull in Thousand Island's newly updated Telemetry support as documented in the ThousandIsland.Telemetry module
  • Fix parsing of host / request headers which contain IPv6 addresses (#97). Thanks @derekkraan!

Changes

  • Use Plug's list of response code reason phrases (#96). Thanks @jclem!
  • Minor doc updates

0.6.8 (31 Jan 2023)

Changes

  • Close WebSocket connections with a code of 1000 (instead of 1001) when shutting down the server (#89)
  • Use 100 acceptor processes by default (instead of 10)
  • Improvements to make WebSocket frame masking faster

0.6.7 (17 Jan 2023)

Enhancements

  • Remove logging entirely when client connections do not contain a valid protocol
  • Refactor WebSocket support for about a 20% performance lift

Bug Fixes

  • Add nodelay option to test suite to fix artificially slow WebSocket perf tests

0.6.6 (11 Jan 2023)

Enhancements

  • Log useful message when a TLS connection is made to plaintext server (#74)

0.6.5 (10 Jan 2023)

Enhancements

  • Update Thousand Island to 0.5.15 (quiets logging in timeout cases)
  • Quiet logging in when client connections do not contain a valid protocol
  • Refactor HTTP/1 for about a 20% performance lift
  • Add WebSocket support to CI benchmark workflow
  • Doc updates

Bug Fixes

  • Allow multiple instances of Bandit to be started in the same node (#75)
  • Improve error handling in HTTP/1 when protocol errors are encountered (#74)