Release 2.0.0-M1

Release 2.0.0-M1 is the first milestone release for our next major release 2.0.0 and contains several breaking changes. That's why we will support both 1.x and 2.x for some time.
The following table provides an overview about the supported specs and frameworks:

Version	Branch	Java Enterprise support	Spring versions	JAX-RS/ Jersey version	Struts support	Spark support
1.x	1.x	Java EE (javax.*)	5.x (Boot 2.x)	2.x	✅	✅
2.x	main	Jakarta EE (jakarta.*)	6.x (Boot 3.x)	3.x	❌	❌

Please note that multipart upload functionality is currently not supported as we are waiting for a release of Apache Commons Fileupload 2 (see https://issues.apache.org/jira/browse/FILEUPLOAD-309).

Features

• Jakarta EE, Spring 6.x and Spring Boot 3.x support #477, #478, #487, #510, #549 - thanks to @farazhv, @mbfreder and @valerena for contributing

Improvements

• reduce number of transitive dependencies/ move test-classes to separate test-jar
• move to Apache HTTP Client 5 for testing

Bugfixes

• content-type resolution - we return null instead of application/octet-stream if content type cannot be resolved (as per servlet-api docs), a fix to make probeContentType work in Lambda execution environment is being worked on by the Lambda service team #504 - thanks to @Artur- for contributing
• Servlet class loaded with the wrong class loader #506 - thanks to @Artur- for contributing

Dependencies (only mentioning major dependencies)

• Update Jersey dependency to 3.1.2
• Update Jackson dependency to 2.15.1
• Update Spring dependencies (framework to 6.0.9, security to 6.1.0, boot to 3.1.0)

Release 1.9.3

Release 1.9.3 contains one fix and several dependency updates.

Fixes

• AwsProxyHttpServletRequest#getLocale incorrect for locales with country subtag (#511, #512) - thanks to @kerkhofsd for contributing

Dependencies

• Update Spring dependencies (framework to 5.3.27, security to 5.7.8, boot to 2.7.11)
• Update Apache HttpComponents dependencies (httpmime, httpclient to 4.5.14, httpcore to 4.4.16)
• Update Jackson dependency to 2.15.0

Release 1.9.2

Release 1.9.2 contains two fixes and several dependency updates.

Fixes

• Dispatch to the given servlet when using getNamedDispatcher (#502) - thanks to @Artur- for contributing
• Write resources using the charset defined in a Content-Type header (#501) - thanks to @Artur- for contributing

Dependencies

• Update OWASP dependency check to 8.1.2
• Update JUnit to 5.9.2
• Update Spring dependencies (framework to 5.3.26, security to 5.7.7, boot to 2.7.10)
• Update Jackson to 2.14.2
• Update Commons Fileupload to 1.5
• Update SLF4J to 2.0.7
• Update Struts to 6.1.2
• Update Mockito to 4.11.0
• Update Jersey to 2.39.1 along with JAX-RS API to 2.1.1

Release 1.9.1

Release 1.9.1 contains a few fixes, one improvement and several dependency updates.

Fixes

• Fix broken struts pet-store sample project (#479) - thanks to @jogep for contributing
• Corrected Spring Boot 2 sample template (#484)
• Fixing NullPointerException in case of non defined statusCode (#497) - thanks to @anmolk6 for contributing

Improvements

• Add ALB Context to API GW Payload V2 (#489) - thanks to @driverpt for contributing

Dependencies

• Update Jersey dependencies to 2.37
• Update Jackson databind version to 2.14.1 (CVE-2022-42003)
• Explicitly set version for transitive commons-text dependency (CVE-2022-42889)
• Explicitly add more recent commons-io version (#488)
• Update Spring dependencies (framework to 5.3.24, security to 5.7.5, boot to 2.7.6)
• Update Struts dependency to 6.1.1
• Update lambda-java-core dependency to 1.2.2
• Update SLF4J to 2.0.6
• Update Mockito dependency to 4.9.0
• Update some Maven plugins to allow build with JDK17

Release 1.9

Release 1.9 contains several improvements and dependency updates.

In case you are using Struts, please note that you need to use a different artifactId (aws-serverless-java-container-struts) starting with this release.

Improvements

• add single value headers and query string params (#315) - thanks to @sigpwned for contributing
• docs: Documenting use of suppress warnings for path traversal in security utils (#473)
• samples/ archetypes are now using java11 (instead of java8) runtime

Dependencies

• Update to the new Struts 6 major version (#471) - thanks to @jogep for contributing
• Update Spring dependency versions (framework to 5.3.22, security to 5.7.3, boot to 2.7.3)
• Update Spark version to 2.9.4
• Update Jackson version to 2.13.4
• Update SLF4J version to 2.0.2
• Update Log4J version to 2.19.0
• Update Jersey version to 2.36

Release 1.8.2

Release 1.8.2 contains a fix and dependency updates.

Fixes

• AwsHttpApiV2ProxyHttpServletRequest.headersMapToMultiValue truncates the user-agent (#464, #465) - thanks to @bqader for contributing

Dependencies

• Update Spring dependencies (framework to 5.3.20, security to 5.6.5, boot to 2.6.8)
• Update Jackson version to 2.13.3

Release 1.8.1

Release 1.8.1 contains a few fixes and dependency updates.

Fixes

• use environment variables to tune async init - and not system properties (#450)
• add JsonIgnoreProperties to HttpApiV2ProxyRequestContext to avoid UnrecognizedPropertyException for Lambda Function URLs with IAM auth (#460)

Dependencies

• Update Spring dependencies (framework to 5.3.19, security to 5.6.3, boot to 2.6.7)
• Update Struts2 version to 2.5.30

Release 1.8

Release 1.8 contains several improvements, fixes and dependency updates.

Improvements

• Add support for HTTP API cookie parameter (#452, #453) - thanks to @arthurkamwt for contributing
• Add environment variables to tune async init without the need to recompile (#450)

Fixes

• AwsHttpApiV2ProxyHttpServletRequest.getParameterMap returns arrays containing null for empty query params (#427)
• ${} versions in archetypes need escaping otherwise they will be replace directly

Dependencies

• Update Spring dependencies (framework to 5.3.17, boot to 2.6.5, security to 5.6.2)
• Update OWASP dependency checker to 6.5.3
• Explicitly set commons-io version to 2.11.0 to avoid older transitive dependency version (CVE-2021-29425)
• Update Log4J version to 2.17.2
• Move spotbugs plugin config to parent pom
• Update Jackson version to 2.13.2/ 2.13.2.1 (databind) (CVE-2020-36518)
• Update commons-codec version to 1.15

Release 1.7

Release 1.7 contains several improvements and dependency updates.

Improvements

• Add support for Lambda Authorizers in combination with Http API 2.0 payload format (#386)
• Change AwsHttpServletRequest constructor to protected to allow extension (#422)
• Jersey startup time improvements (#366)
• Updated sample and archetype maven build files to avoid "The packaging for this project did not assign a file to the build artifact" message (#336)
• fix: asyncInit() code sample (#391)
• fix: form param names must be included in getParameterNames() (#340)
• getServletContextName() must not throw UnsupportedOperationException (#448)

Dependencies

• Update Spring dependencies (framework to 5.3.15, boot to 2.6.3, security to 5.6.1)
• Update Log4J dependency to 2.17.1 (CVE-2021-45105, CVE-2021-44832)
• Update Struts2 dependency to 2.5.29
• Update SLF4J version to 1.7.36
• Minor dependency updates (Jackson, Jersey, Jetty, aws-lambda-java-log4j2, lambda-logging)
• Remove unused jetbrain annotations dependency

Other changes

• Release is now automated through a GitHub action

Release 1.6.1

Release 1.6.1 is a bug-fix release

Dependencies

• Update to Log4J 2.16.0 (CVE-2021-44228)