v3.6.2

Changes

• Use sha1-smol, closes #267 by @goto-bus-stop in #269
• Fix rouille::Server: Expose new_ssl on feat rustls by @NobodyXu in #272
• Remove dependency on num_cpus by @meesfrensel in #268

New Contributors

• @goto-bus-stop made their first contribution in #269
• @NobodyXu made their first contribution in #272
• @meesfrensel made their first contribution in #268

Full Changelog: v3.6.1...v3.6.2

v3.6.1

Changes

Reverts Added a number of default features as it breaks any downstreams who were specifying default-features = false.

Full Changelog: v3.6.0...v3.6.1

v3.6.0

Changes

• Added rustls support (via tiny-http), if you're currently using the ssl feature you can switch from OpenSSL to Rustls by instead enabling the rustls feature in your Cargo.toml.
• Added a number of default features to allow users to reduce their dependency graph where they don't need all the functionality Rouille provides. logging, assets, post and session are now optional, but enabled by default for backwards compatibility.
• Correctly support 'flag' type query parameters where the parameter has no associated value. Previously a query like GET /?foo would return None from get_param, instead of Some("").
• Updated tiny-http to 0.12.0, further reducing the dependency tree by breaking our hard requirement on time-rs. This version of tiny-http also enables Unix socket listeners, which will be exposed in a future release of Rouille.

New Contributors

• @HookedBehemoth made their first contribution in #254
• @vmiklos made their first contribution in #265
• @DeWarner made their first contribution in #259

Full Changelog: v3.5.0...v3.6.0

v3.5.0

Changes

• Replaced our use of the brotli2 crate with the alternative pure Rust implementation brotli. This removes Rouille's vulnerability to RUSTSEC-2021-0131, which existed due to brotli-sys bundling a vulnerable version of the underlying C library.
• Unpinned time-rs and as a result increased our MSRV to 1.51, we don't have a formal MSRV policy and the ecosystem is making it more and more difficult to support compiler versions more than about 6 months old.

All Changes: v3.4.0...v3.5.0

v3.4.0

Changes

• Resolved a number of cleanup & refactoring TODOs
• Correctly identify non-lowercase content types as text (e.g. text/JSON would be incorrectly identified as non-text).
• Pinned time-rs to 0.3.2 to avoid a semver-breaking change in their MSRV.
• Bumped chrono to 0.4.19 and disabled their default feature set to avoid warnings about RUSTSEC-2020-0071 (Rouille was never vulnerable, but used a vulnerable version of chrono).

v3.3.1

Changes

• Use .strip_prefix in place of .starts_with where appropriate, this stops a Clippy lint from leaking out of our router! macro and into downstream code.

v3.3.0

Changes

• Bumped minimum supported Rust version to 1.48
• Added module-level documentation for rouille::content_encoding
• Updated time dependency to 0.3 and postgres to 0.19 to fix a compile failure due to a yanked version of sha1.
• Fixed numerous typos in the crate documentation.

v3.2.1

Changes

• Removed unused dependency term and updated rand, multipart, deflate and time to latest supported versions.

v3.2.0

Changes

• Add ResponseBody::from_reader_and_size for constructing a ResponseBody
  from a Reader and an already known size such that Content-Length may be
  set on the response.

v3.1.0

Changes

• Add Server::poll_timeout() for polling more efficiently.
• Add Server::stoppable() for running a single, cancellable server thread.
• Add Server::join() for finalising all in-flight requests before shutting down.
• Prevent infinite loop on Websocket EOF
• Update tiny-http to 0.8.1 containing fixes for:
  • HTTPS deadlock where one request holds a locked resource while another is
    attempting HTTPS negotiation
  • Fix RUSTSEC-2020-0031
  • Don't set Transfer-Encoding: chunked on 1xx or 204 responses (which can lead
    to clients hanging).
• Bump minimum support Rust version to 1.41.1