10.1.x Release Notes

10.1.15

This release is an important security fix release, backporting fixes from 10.2.7 to the 10.1.x line of releases. Note, that we do not plan any further releases for 10.1.x, so please consider upgrading soon to the latest supported release line, 10.2.x. Due to our binary compatibility guarantees, as long as no deprecated methods were used, 10.2.x should be a drop-in replacement in 10.1.x projects, even when transitive dependencies depended on 10.1.x.

Most importantly, we fixed a problem with parsing headers containing comment elements (#3918). The HTTP spec allows arbitrary nesting of those elements, e.g. in the User-Agent header. When such a header is parsed, an Akka HTTP application may fail fatally with a StackOverflowError. Akka HTTP 10.2.7 mitigates this issue by conservatively limiting the allowed depth of comment elements in headers.See the advisory for CVE-2021-42697 for more information about this security issue.

Another issue has been fixed in relation to header rendering (#3717). Akka HTTP does not validate that header values (or keys) are well-formed when those are provided as Strings (e.g. in a RawHeader). In particular, HTTP headers are not allowed to contain the special characters '\r' or '\n' which are used to delineate headers in an HTTP message. Before 10.2.7, Akka HTTP would naively render those broken header values leading to broken HTTP messages. The generation of headers is usually in complete control of the application. However, an application may accidentally pass incoming unvalidated user data to response headers. In such a case, a remote user might be able to inject line terminators into the response headers leading to invalid or misleading HTTP response messages. Depending on the server setup, this can be a building block for severe attacks.

To mitigate this issue, Akka HTTP now discards outgoing headers containing line terminators and logs a warning. Users are encouraged to be on the watch when creating headers (or any kind of outgoing data) from unvalidated user input as this is a common vector for different kinds of attacks.

A few smaller issues have been backported as well, see below.

akka-http-core

• Discard outgoing headers containing line breaks #3922
• Limit comment nesting in header parser #3941
• Add pool keep-alive-timeout #3816
• Don’t send ‘100 Continue’ if ‘Content-Length’ header is 0, doesn’t exist or data got send early #3787
• Update to Scala 2.13.7 #3945
• Fix MessageSpec with higher test.timefactor values #3880

10.1.14

This release fixes CVE-2021-23339, a vulnerability regarding interpretation of Transfer-Encoding headers. See Incorrect Handling Of Transfer-Encoding Header.

The vulnerability cannot be exploited using just Akka HTTP itself. Instead, Akka HTTP must be use as a proxy and the downstream server must be vulnerable itself, so that the proxy and the downstream server disagree on how to interpret a malformed request containing both Transfer-Encoding and Content-Length headers potentially leading to a “Request Smuggling” vulnerability. If you are using Akka HTTP as a reverse proxy, make sure to upgrade to the latest version.

Starting from this version, only a single Transfer-Encoding: chunked header is allowed. HTTP/1.1 specifies other encodings, however, those are not supported or implemented in Akka HTTP. Formerly, Akka HTTP would just pass on unsupported Transfer-Encoding headers to the user which lead to the above security issue. Since Akka HTTP implements the “Transfer” part of the protocol, it seems reasonable to lock down allowed values for Transfer-Encoding to prevent security issues like this. Please let us know if this leads to compatibility problems with your software.

10.1.13

Changes since 10.1.12

akka-http-core

• Don’t fail pool slot after previous connection failed in special condition #3021
• Make HttpEntity.Strict.discardBytes a no-op #3329

10.1.12

ALPN support in JDK >= 8u252

ALPN support was backported to recent JDK 8 updates. When using HTTP2 support with these JDKs, the jetty-alpn-agent is not needed anymore. If you want to run on older and newer JDKs with the same command line, make sure to use the most recent version of jetty-alpn-agent which will automatically disable itself for newer JDKs.

Changes since 10.1.11

akka-http-core

• Fix EOL detection for body part parsing #3144
• Fix parsing of partly cached headers with UTF-8 values #3096
• Fix cancellation race conditions on the client-side #2965
• Make sure to cancel response entity on failure #3046
• Make sure reference.conf files end with a new-line character.#2841
• Only catch NonFatal Exceptions while parsing responses #2853
• Add the remote address in parse errors when possible (when remote-address-header is enabled) #2899
• Silence outgoing request stream error (and make it more useful) #2816
• Identify Content-Type charset parameter even if not lower case #2926
• Prevent initialization NPE which might fail all retries quickly #2958
• Add exclusion for Extension issues when building against Akka 2.6 #2945
• Nest correctly in NewHostConnectionPool #2964

akka-http-marshallers

• Jackson: better JSON validation error when unmarshalling #2901

docs

• Small typo in docs/src/main/paradox/common/marshalling.md #2864
• Add warning on usage on extractClientIP #2922
• Show RequestBuilding in client examples #2968
• Fix project-info links to API docs #2857

akka-http2-support

• Support ALPN natively on JDK >= 8u252 #3125
• Gracefully discard unsupported h2 SETTINGS #3053
• Potential fix for idle timeouts in http2 #2776
• Fix HeaderCompression updating table size without giving notice to peer #2888

10.1.11

Changes since 10.1.10

akka-http-core

• Hide body data from Http.Strict#toString #2737
• Support chunked trailing headers in transformDataBytes #2748
• Fix race condition in ConnectionPoolSpec, #2796
• Improve WS masking performance #2801
• Update naming for status codes 413, 414, 416 and 505 #2808
• Improve “Entity stream truncation” error message #2789
• Silence noisy pool idle timeout messages #2816
• Improve EntityStreamSizeException message #2823
• Tone down the connection failure warning #2837

akka-http

• fix default rejection message for unsupported content type #2804

akka-http2-support

• Allow sending an ack SETTINGS frame immediately #2735
• Make sure all substreams are closed when connection is torn down#2777
• Fix HTTP/1.1 ALPN negotiation #2791

docs

• Fix authorizeAsync documentation #2746
• Doc fix for regex paths from Java #2749
• Fix/amend 10.1.10 release notes formatting#
• Typed sample polish #2784

build

• Collapse PR validation report for less clutter #2707
• Update to latest Scala versions #2756
• Allow deployRsync for publishing snapshot docs #2821
• Use more resilient checking for Scala 2.13 in Mima #2820
• Enable coursier #2835

10.1.10

Migration notes

RFC 7231 dictates an HTTP response with status code 205 (‘Reset Content’) is not allowed to have an entity body. Since #2686 we enforce this restriction, so if you (incorrectly) produced such responses you will have to either remove the entity body or select a different status code.

Changes since 10.1.9

For a full overview you can also see the 10.1.10 milestone:

akka-http-core

• Fix 205 HTTP status not to contain any HTTP entity #2686
• Support multiple subprotocols in WebSocket handshake #2606
• Add endsWith predicate to Uri.Path #2480
• Handle unrecognized status codes according to spec #2503
• Better error handling on server when response entity stream fails #2627
• Force connection closure when pool is stopped #2631
• Enable log-unencrypted-network-bytes also for websocket client traffic #2647
• Add modeled header for Content-Location #2540
• Streamed response processing performance improvements #2645
• Make custom MediaType and MediaRange.matches case-insensitive #2126
• Avoid prematurely closing long-lived requests #1847
• Avoid reliance on deprecated ActorPublisher, as this is no longer available in Akka 2.6 #2617

akka-http

• More precise IllegalArgumentException catch for case class extraction #2593
• Add logging unsupported content type #2512
• Widen JavaUUID regexp’s #2624

akka-http2-support

• Support HTTP2 in cleartext (h2c) via Upgrade from HTTP1 #2464
• Backpressure incoming frames when too many outgoing control frames are buffered #2706
• Fix receiving HEADERS with more than one CONTINUATION frame #2701

10.1.9

10.1.9 is the tenth release in the 10.1.x series of Akka HTTP. See the announcement and the full list of changes below.

Changes since 10.1.8

For a full overview you can also see the 10.1.9 milestone:

akka-http-core

• Don’t use a https connection pool for http connections (javadsl) #2562

akka-http

• Add String-to-UUID unmarshaller to the predefined Scala unmarshallers #2505
• Improve validation in uuid unmarshaller #2569
• Fix missing header rejection for custom headers #2487
• Fix case of nested FormField if first formField usage is with single parameter #2524
• Support ‘streaming back’ an uploaded file #2582

akka-http2-support

• Allow HTTP/1.1 and HTTP/2 on the same port without TLS or Upgrade headers #2543
• Retired the UseHttp2 setting: when enabled, HTTP/2 is now always available #2557
• Add akka.http.server.http2.log-frames for verbose frame logging for debugging purposes #2561
• Fix reception of unexpected mid-stream HEADERS frame with endStream=false #2557
• Close HTTP/2 streams earlier #2551

akka-http-caching

• Upgrade caffeine to 2.7 which removes need for dummyLoader #2443
• Add Cache.put method to refresh cached value without removing it first #2385

10.1.8

10.1.8 is the ninth release in the 10.1.x series of Akka HTTP. See the announcement and the full list of changes below.

Changes since 10.1.7

For a full overview you can also see the 10.1.8 milestone:

Improvements

akka-http-core

• Do not include error details in HTTP response #2314
• More reliable detection of HTTPS => HTTP connection attempts #1886
• use JDK9+ ALPN support if available #2280
• Allow overriding of User-Agent header with custom RawHeader #2277
• Allow overriding of Host header with custom RawHeader #2436
• Support for scala 2.13.0-M5 #2298
• Optimize HttpMessageParser.push code path #2450
• Optimize RequestTimeout support for the common case #2452
• Use static scanning when searching for well-known ContentType for rendering #2453
• Add new option to close connections after a period of time #2016

akka-http

• Change GZip and Deflate compression level and makes it configurable #2318
• Provide configuration settings for client SSE limits #2193
• Oversized requests should return 413 and not 500 #358
• Don’t repeat query of target URI in error response #2397

docs

• Improve onSuccess docs to explain Tupler magic #993
• Add links endorsing support projects #1968

akka-http2-support

• Allow (but ignore) RST and WindowUpdate frames on closed HTTP/2 streams #2457
• Clean up ALPN when the stream is stopped #2471

Bug fixes

• Response shouldn’t override connection header when connection is force-closed #2403
• Disable to append charset=UTF-8 by default in Content-Type: application/x-www-form-urlencoded FormData #91
• Fix int overflow in sliceBytesTransformer #2440
• LogRequest not respecting LogLevel in Java #2418

10.1.7

10.1.7 is the eighth release in the 10.1.x series of Akka HTTP. See the announcement and the full list of changes below.

Changes since 10.1.6

For a full overview you can also see the 10.1.7 milestone:

• Media types were added for application/problem+json and application/problem+xml (RFC 7807) #2323
• Media types were added for font/woff and font/woff2 #2330
• A checker was added that produces a run-time warning when different versions of Akka HTTP modules are found on the classpath #2335
• Various dependencies were updated #2328

10.1.6

10.1.6 is the seventh release in the 10.1.x series of Akka HTTP. See the full list of changes below.

Migration Notes

• akka-http now requires to be run with Akka 2.5.19+ to support JDK 11 from Java.
• RoutingSettings were moved to akka-http from akka-http-core (where they logically belong). Make sure to depend on akka-http when referencing this class (which is very likely because it couldn’t be used otherwise).
• akka-stream-testkit is now a only a provided dependency for akka-http-testkit, if you use akka-http-testkit also add a dependency to akka-stream-testkit into the mix

Changes since 10.1.5

For a full overview you can also see the 10.1.6 milestone:

Improvements

akka-http-core

• Require Akka 2.5.19 for JDK 11 support
• Move RoutingSettings to akka-http module (#2307)
• Use collision-resistant maps in header parsing (#2276)
• Depend on Scala 2.12.8 to allow Java usage from JDK 11 (#2305)
• Add application/merge-patch+json (#2190)
• Require Akka 2.5.10 and use the new version checker utility (#1880)
• Add HttpEntity.isStrict (#2228)
• Log time spent in a pool slot for simpler spotting of slow transition periods (#2226)
• Replace existing HTTP Status Code 425 with TOO_EARLY (#2255)
• Java API - call scala HttpEntity.toStrict that respects maxBytes (#2287)
• Override getForKeyCaseInsensitive in HttpMethods (#2303)
• Fix several warnings across all the modules (#2292)
• Deprecate unofficial Microsoft media-types and add the official ones (#2264)

akka-http

• Use collision-resistant maps for formFieldMaps (#2274)
• Add Directive#tcollect and Directive1#collect (#2253)
• Do not set dispatcher for file directives and remove file-io-dispatcher config (#1879)
• Add new method for routes chaining in Java DSL (#1170)
• Fail with unwrapped exception when using CompletionStage (#2054)
• Return RequestEntityTooLarge status code in case of EntityStreamSizeException (#2279)

akka-http-testkit

• akka-stream-testkit is now a provided dependency for akka-http-testkit (#2262)

Bug Fixes

akka-http-core

• Client pool: exponential backoff after failed connection attempts (#1391)
• Fix broken multi-byte UTF-8 decoding in HeaderParser if UTF-8 sequence is cut in the middle (#1484)
• Fix limiting of chunk size in the NoCode encoder (#2252)
• Allow chunked responses in HttpMessage with protocol = HTTP/2, fixes (#2217)

akka-http

• Default exception handlers do now discard entity bytes when completing a request that ended in error (#2084)
• Fix cancellation and head-of-line blocking in fileUpload directive (#2224)
• toStrict the entity when parsing multiple form fields (#2283)
• Fix CsvSeq unmarshaller to include trailing empty string values in the result Seq[T] (#2249)

akka-http2-support

• Handle stream cancellation while outgoing data is buffered (#2237)

akka-http-caching

• Fix that LfuCache ttl can be equal to tti (#2188)

10.1.5

10.1.5 is the sixth release in the 10.1.x series of Akka HTTP.

It is mainly a mitigation for the DoS vulnerability when using decodeRequest

Migration Notes

To avoid excessive memory usage we introduced two new limits that apply per default:

• akka.http.routing.decode-max-size: This limit applies when you use decodeRequest to limit the amount of decompressed data. The default limit is 8 megabytes.
• akka.http.parsing.max-to-strict-bytes: This limit applies when you use HttpEntity.toStrict or the toStrictEntity directive (and related directives). It will only collect up to the given amount data and fail otherwise. The default limit is 8 megabytes.

Depending on your application requirements, you may want to change these settings.

Changes since 10.1.4

For a full overview you can also see the 10.1.5 milestone:

• Restrict the maximum size of a request entity after uncompressing it with decodeRequest #2137
• Restrict the maximum size of a request entity when reading it into memory with toStrict #2186
• Correctly set a default parallelism value when none is specified for HTTP/2 #2165
• Avoid matching an empty pattern when using PathMatcher.repeat #2097
• Add ServerSentEvent.heartbeat() to the Java DSL #2187

10.1.4

10.1.4 is the fifth release in the 10.1.x series of Akka HTTP.

Among many other things, this release includes a fix for handling early responses in the client, HTTP/2 improvements and many updates to the documentation.

Changes since 10.1.3

For a full overview you can also see the 10.1.4 milestone:

Fixes in akka-http-core

• Support for scheme ending in digit in Uri.from (#2080)
• Allow MediaTypes in Sets (#2144)
• Allow creating an unencrypted HTTP/2 server from Java (#2110)
• Fix a bug in handling chunked responses in the new connection pool (#2138)
• As a websocket client, support receiving the upgrade request in parts (#2152)
• Support HSTS headers with trailing semicolons and unusual field ordering (#2122)

Improvements in akka-http-core

• Improved graceful shutdown behavior (#2090)
• More sensible default for bindAndHandleAsync parallelism setting with HTTP/2 (#2145)

Improvements in akka-http

• Allow java/scala conversion for Routes for users (#891)
• Commonize marshalling selection code (#2004)

Improvements in akka-http-testkit

• Allow configuring the marshalling timeout (#2127)

Improvements in docs

• Fix broken links at release notes (#2082)
• Fix links to RequestEntityExpectedRejection api documentation (#2094)
• Document GenericMarshallers.futureMarshaller (#2095)
• Clarify not all abrupt client go-aways are clean (#2101)
• Clarify documentation for PathDirectives (#2109)
• Updated outdated SecurityDirectives documentation (#1715)
• Link to the Play and Lagom websites (#2121)
• Improve source-streaming docs (#2131)
• Add warning banner when browsing old versions (#2135)

10.1.3

10.1.3 is the fourth release in the 10.1.x series of Akka HTTP.

This release addresses a critical memory leak issue introduced by the graceful termination infrastructure added in 10.1.2. No other risky changes are made in this release, in order to make it a trustworthy fix drop-in replacement of 10.1.2.

Changes since 10.1.2

For a full overview you can also see the 10.1.3 milestone:

Fixes in akka-http-core

• ServerTerminator memory leak in 10.1.2 (#2067)
• Avoid eagerly failing connections when request closes (#2066)

Fixes in docs

• Correct pipelining-limit flag name (#2059)
• Fix link to compatibility rules section (#2062)

Improvements in docs

• Reference documentation for Graceful Termination (#2072)
• Enhance Caching Documentation (#2060)

10.1.2

10.1.2 is the third release in the 10.1.x series of Akka HTTP.

Notably, this release:

• Introduces “Graceful” Server Termination (#118): calling the newly introduced terminate on the ServerBinding will cause the binding to start gracefully rejecting new requests, while giving existing requests a deadline to complete normally.
• Discards Entities in Default RejectionHandler (#38). Previously, when rejecting a request, the default rejection handler would not consume the request entity. The default rejection handlers have been updated to consume the request in this case.
• Appends a newline to every element when streaming CSV (and NDJSON, #1931): Previously, CSV lines would only be interspersed with newlines, but no final newline would be sent. While arguably this was a bug in itself, it also had the unfortunate effect that a newline would only be emitted when the next CSV line became available, which is especially surprising in situations where CSV data is produced relatively slowly.

Changes since 10.1.1

For a full overview you can also see the 10.1.2 milestone:

Fixes in akka-http-core

• Default rejection handlers do now discard entity bytes when rejecting a request (#38)

Improvements in akka-http-core

• Added toStrict to WS Messages (#15)
• Accept LF end of line instead of CRLF only (#106)
• Add setting ignore-illegal-header-for (#687)
• Support parameters for custom media types (#2005)
• Accept response before request has been sent completely (#1746)
• Added ability to set https proxy host and port through application.conf (#995)
• “Graceful” Server Termination #188 (#2035)

Fixes in akka-http

• fix 500 error in conditional GET for non-etag response (#1951)

Improvements in akka-http

• Discard Entity in Default RejectionHandler (#38)
• Adds missing parameter with required value directive for Java API (#2025)
• Add Java DSL optionMarshaller (#1247)
• Append newline to every element when streaming CSV (and NDJSON). (#1931)

Fixes in docs

• Fix Java snippet in Path Matcher doc page (#2000)
• Add missing methods for creating custom binary MediaTypes (#2008)
• Update outdated link in “Handling blocking operations” (#2038)

Improvements in docs

• Added explanations for beginners how to access the server (#1975)
• Add dynamically updating routes example (#1935)
• Recommend static Directives. imports over AllDirectives (#1993)

Fixes in akka-http2-support

• Ignore unknown h2 SETTINGS (#2039)
• Allow h2 SETTINGS with large max header table size (#2040)

Improvements in akka-http2-support

• Run h2spec integration tests (#1988)
• Allow Http2 without negotiation/TLS (#1934)

10.1.1

See the announcement and closed tickets on the 10.1.1 milestone.

10.1.1 is the second release in the 10.1.x series of Akka HTTP.

This release brings a number of small, yet long requested features, including:

• automatic WebSocket keep-alive using Ping frames,
• removing the need for implicit parameters in order to call Route.seal (in Scala DSL)

As usual, the release is backwards compatible as outlined in our binary compatibility guidelines.

List of changes (since 10.1.0)

Fixes in akka-http-core

• Emit entity truncation errors before completing graph stage (#1947)
• Fix type parameters in Java API to work with latest Akka (#1965)

Improvements in akka-http-core

• Transparent websocket ping/pong (keep alive) (#1938)
• Fix a few Scala 2.13.0-M3 compilation issues (#1918)
• Always parse Content-Encoding and WebSocket headers (#1937)
• Support conversion between scaladsl.Uri and javadsl.Uri (#1950)

Improvements in akka-http

• Remove not needed implicits from Route.seal (#1928)

Improvements in akka-http-testkit

• Fix type parameter variance in Java API to work with latest Akka (#1965)

Improvements in documentation

• Document client-side for streaming JSON (#1964)
• Add package name to PathMatcher javadsl docs (#1933)
• Fix paradox error for discard entity bytes (#1944)
• Minor correction in rejections.md (#1924)
• Cache docs: more explicit imports, create cache once (#1955)
• Better caching example for Java

Infrastructure and build fixes

• Fully remove OSGi support (#1943)
• Which was already removed and discussed in 10.1.0

10.1.0

See the announcement and closed tickets on the 10.1.0 milestone.

10.1.0 is the first release in the 10.1.x series of Akka HTTP.

The most important changes are:

• Removing support for Akka 2.4.x which is at its end-of-life with the end of 2017. In the future, this will allow us to make use of features that only Akka 2.5 supports.
• Removing methods that have been deprecated during the life-time of Akka HTTP 10.0.x. For now, methods only deprecated in the last release of Akka HTTP, 10.0.11, are not yet removed to allow for a smooth transition.
• The new client pool implementation introduced in 10.0.11 is now the default. We have identified and fixed several bugs in the RC period so by now we are quite confident that the new client pool will be a solid replacement for the legacy one.
• Documentation has been completely consolidated between Scala and Java pages. Hundreds of directive documentation pages have been merged in a tireless effort by @jonas, @jlprat, and Akka team’s @raboof.

Akka is not an explicit dependency anymore / Removal of Akka 2.4 support

Akka HTTP 10.0.x has always supported Akka 2.5, while allowing users to still remain on Akka 2.4.x if they choose to do so. By now Akka 2.4 has reached its end of life. Therefore, Akka HTTP 10.1.x only supports Akka >= 2.5.11 (and future versions during the life of Akka HTTP 10.1.x) so we will be able to make of features only provided by Akka 2.5. In some cases we bump the minimum supported patch version of Akka to be able to use new features quickly.

Using Akka HTTP with Akka 2.5 used to be a bit confusing, because Akka HTTP explicitly depended on Akka 2.4. Trying to use it together with Akka 2.5, running an Akka HTTP application could fail with class loading issues if you forgot to add a dependency to both akka-actor and akka-stream of the same version. For that reason, we changed the policy not to depend on akka-stream explicitly anymore but mark it as a provided dependency in our build. That means that you will always have to add a manual dependency to akka-stream. Please make sure you have chosen and added a dependency to akka-stream when updating to the new version (veterans may remember this policy from Spray).

Deprecation Removals

Methods were removed that have been deprecated during the life-time of Akka HTTP 10.0.x. Methods that were only deprecated in the last release of Akka HTTP, 10.0.11, are not yet removed to allow for a smooth transition. In general, our guarantee for minor release updates is that code that compiled on the latest version of the previous minor release (10.0.11 in this case) should be both source and binary compatible with the latest version of the current minor release. We might make exceptions to the rule for cases where the maintenance burden seems greater than the risk of breaking major users / third-party libraries. We’ll treat any other binary incompatibilities as regressions.

New client pool implementation is now the default

The new client pool implementation introduced in 10.0.11 is now the default. Since 10.0.11, we fixed several bugs in the new client pool implementation. You can still fall back to the old implementation by setting akka.http.host-connection-pool.pool-implementation = legacy.

Compatibility Notes

As the compatibility notes explain in detail, we guarantee binary compatibility. In some cases, however, a new version is not strictly source compatible. We try to limit the impact of these kinds of changes but sometimes, they are inevitable to improve the API.

Source incompatible changes are:

• Removed deprecated methods from 10.0.x
• ServerBinding.unbind return type has been changed to Future[Done]CompletionStage[Done] for consistency.

Support for Scala 2.13.0-M3

Akka HTTP 10.1.0 is released for Scala 2.11, 2.12, and 2.13.0-M3. Due to a regression in Scala 2.13.0-M3 tail call optimization does not apply anymore in some cases where it did before which might lead to stack overflow when running with Scala 2.13.0-M3.

Removal of OSGi support

Supporting OSGi is error prone and high maintenance and it repeatably broke, blocked releases, or metadata turned out to be wrong. As we are no experts in OSGi, and are nowadays focusing our efforts on JDK9+ jigsaw compatibility we had to remove OSGi support for now. If you care about OSGi support please step up and help out. Most important would be adding tests that verify that the OSGi infrastructure does not break the build and the metadata actually works at runtime. See #1852 for more information.

List of changes (since 10.1.0-RC2)

Improvements

akka-http-core

• Add headers and getHeaders method to HttpMessage (#1731)
• More specific warning for HTTPS requests on HTTP endpoints (#1829)
• Add ability to access current response timeout (#1811) (#1828)
• Move ClientTransport from ConnectionPoolSettings to ClientConnectionSettings so the transport can be configured in all client APIs (#1562)

akka-http

• Support OAuth2 access token in URI query component as defined in RFC6750 (#1769)

akka-http2-support

• Support for trailing response headers in HTTP/2 (#1857)

Documentation

• Add docs and tests for combining | with / in paths (#1861)
• Fix links to objects in the API docs

Bug Fixes

akka-http-core

• Normalize port in Uri.apply consistently (#1763)
• Return status 400 instead of 500 for requests with invalid URI scheme (#36)
• Allow Sec-WebSocket-Extensions in requests
• Fix incompatibility of Akka HTTP with Akka typed (#1878)

akka-http2-support

• Fix HTTP/2 trying to send even if stream window was depleted (#1882)

10.1.0-RC2

See the announcement and closed tickets on the 10.1.0-RC2 milestone.

10.1.0-RC2 is the second release candidate for the upcoming Akka HTTP 10.1.0. We focused on stabilizing the new client connection pool. Over the last month our test suite caught lots of edge cases that were fixed for this release. Also, we improved logging output for the new pool.

List of changes (since 10.1.0-RC1)

Improvements

akka-http-core

• Add HTTP status code 421 (#1749)
• Add HTTP status code 103 (#1803)
• Add Uri.Path ?/ operator #1793 (#1794)
• Add UserAgent header parse Java Api (#1807)
• Optimization: Avoid creation of async callback per request in RequestTimeoutStage (#1848)
• Add application/grpc+proto content type / media type (#1844)
• LogByteStringTools now logs errors on debug log (it’s a debug feature after all) (#1780)
• Suggest valid max-open-requests values on config error (#1806)
• Log the timed out request on server (#1813)
• Be more lenient to allow trailing whitespace after chunk size (#1812)
• In Http().serverLayer use delayCancellation to make behavior consistent with other server entry points (#1822)
• Add HttpMessage.withProtocol overload to return Scala type (#1730)

akka-http2-support

• Add Tls-session-info header for http/2 (#1432)

akka-http

• Add Java onSuccess overload to take a strict value (#1821)

Infrastructure

• Lots of small documentation fixes
• Use sbt-header to manage copyright headers
• Introduce WithLogCapturing trait for suppressing log output for successful tests which allows more aggressive logging by default (which will be shown only for failures)
• Fix search on documentation pages to return only one version of each page
• Disable parallel testing on Jenkins to reduce spurious failures

Bug Fixes

akka-http-core

• New client pool: Fix double registration for dispatch (#1726)
• New client pool: Automatically close connection when slot state -> Unconnected (#1724)
• New client pool: Make sure that failed and retryable requests are re-dispatched immediately (#1735)
• New client pool: Ignore “request entity completed” in state WaitingForResponseDispatch (#1774)
• New client pool: After slot failures remove slot from response dispatching queue (#1775)
• New client pool: Log retried request info (#1781)
• Parse and render token correctly for HttpChallenge and GenericHttpCredentials (#1353)
• Fix utf16 surrogate pair decoding in utf8 encoder (#1760)
• Use 431 status code when header exceeds max length for name or value (#1800)
• Fix customMediaTypes disabling predefined media type parsing (#1786)
• TLS should close connection when instructed by stream completion (#380)

10.1.0-RC1

See the announcement and closed tickets on the 10.1.0-RC1 milestone.

10.1.0-RC1 is the first release candidate for the next minor version of Akka HTTP. The most important changes are

• Removing support for Akka 2.4.x which is at its end-of-life with the end of 2017. In the future, this will allow us to make use of features that only Akka 2.5 supports.
• Removing methods that have been deprecated during the life-time of Akka HTTP 10.0.x. For now, methods only deprecated in the last release of Akka HTTP, 10.0.11, are not yet removed to allow for a smooth transition.
• The new client pool implementation introduced in 10.0.11 is now the default. Please try it out and provide feedback during the RC period of this release so we can iron out any problems we may have missed initially.
• Documentation has now almost completely been consolidated between Scala and Java pages. Hundreds of directive documentation pages have been merged in a tireless effort by @jonas, @jlprat, and Akka team’s @raboof.

List of changes (since 10.0.11)

Improvements

akka-http-core

• Add missing javadsl model bits and pieces (#1679)
• New client pool is now the default
• Several improvements and fixes to new client pool implementation
• Methods deprecated before (but not including) 10.0.11 were removed
• Add convenience Java DSL Http.cachedHostConnectionPoolHttps (#1644)
• Add Retry-After header model (#1554)
• Adding percent encoding length check for Path.Uri (#1553)

akka-http

• Methods deprecated before (but not including) 10.0.11 were removed

akka-http-caching

• Add non-lambda-capturing getOrLoad method to Cache (#1536)

Documentation

• Almost the complete directive documentation has now been consolidated between Java and Scala. More than hundred pages have been simplified like this.
• The top-level documentation structure has been clarified.

Bug Fixes

akka-http-core

• Fix return type for withStatus methods to return proper scaladsl types (#1623)
• Fix “Cannot push port … twice” in NewHostConnectionPool (#1610) and several other fixes

Documentation

• Fix generation/publication of javadoc (10.0.11 javadoc link pointed to scaladoc instead)