10.2.x Release Notes

10.2.10

This release contains small improvements and bug fixes.

Changes since 10.2.9

akka-http-core

• Avoid loop in JavaQuery.render(HttpCharset, CharPredicate) #4078
• Optimization: avoid array copy for string entities #4098
• Allow zero max-content-length #3903
• Move pool buffer into PoolInterface and fix pool sizing#4132
• Use LIFO ordering in retry buffer of connection pool #4133
• Fix for Uri.collapseDotSegments failing on some relative paths #2507
• HTTP/2: When connection is aborted due to completion timeout, abort ongoing substreams (on Akka 2.6) #4062
• HTTP/2: Add client-side cancellation propagation delay #4027
• HTTP/2: Defer enqueing out streams when state machine is already running #4088

akka-http

• Allow custom verifier in Credentials.Provided #4146
• Make toStrictEntity fail with bad request in case of entity errors #4135

docs

• Replace abandoned swakka with actively maintained swagger-akka-http #4129

akka-http-caching

• Avoid locking cache during directive processing #4093
• Fix cached execution and test #4099

10.2.9

This release is a bugfix release fixing a few regressions introduced with 10.2.8:

• Avoid memory leak when HTTP/2 is enabled (#4047)
• Revert the default behavior for ServerSentEvent parsing back to the 10.2.7 default. Empty events are now silently skipped again to keep compatibility with existing (akka-http) servers. If you want to interpret empty events, you can now turn on akka.http.sse.emit-empty-events (#4043)
• Restore compatibility with existing Lightbend Telemetry versions #4055

Changes since 10.2.8

akka-http-core

• Hide empty SSE events behind flag #4043
• Unregister connection from MasterTermination when done #4047
• Revert part of “core: cleanup some unused vals (#4033)” #4055
• Silence noisy error when HTTP/2 connection is closed with idle-timeout #4044

10.2.8

This release is a maintenance release, mostly fixing a few smaller issues around HTTP/2 support.

Akka HTTP now also supports graceful termination for HTTP/2 servers. If coordinated shutdown is enabled for a server binding via ServerBinding.addToCoordinatedShutdown, the server will allow ongoing requests to be completed for a configurable period of time while immediately rejecting incoming requests before shutting down the application process. This helps to avoid downtime during rolling upgrades.

akka-http-core

• Enable idle-timeout when http2 is enabled #3965
• Fix h2c via Upgrade #4000
• Fail pool slot if connection is canceled before it is failed #3981
• Ensure PoolMaster.shutdown(…) does not hang #4004
• Implement graceful termination for HTTP/2 servers #4018
• Remove unused var from ServerTerminator #4011

akka-http

• Interpret SSE heartbeats as events #4020

docs

• Simplify bullet points in 10.2.7 release notes #3926
• Backport release notes from 10.1 #3953
• Replace deprecated functions in Routing DSL docs #3966
• Fix the documentation for RejectionHandler #4013

build

• Dependency updates
• Rename branch master -> main #3911
• Hide test jar with complicated name from scala-steward #3980
• Use fuzzy +~ to switch Scala versions #3970

10.2.7

This release is an important security fix release.

Most importantly, we fixed a problem with parsing headers containing comment elements (#3918). The HTTP spec allows arbitrary nesting of those elements, e.g. in the User-Agent header. When such a header is parsed, an Akka HTTP application may fail fatally with a StackOverflowError. Akka HTTP 10.2.7 mitigates this issue by conservatively limiting the allowed depth of comment elements in headers. See the advisory for CVE-2021-42697 for more information about this security issue.

Another issue has been fixed in relation to header rendering (#3717). Akka HTTP does not validate that header values (or keys) are well-formed when those are provided as Strings (e.g. in a RawHeader). In particular, HTTP headers are not allowed to contain the special characters '\r' or '\n' which are used to delineate headers in an HTTP message. Before 10.2.7, Akka HTTP would naively render those broken header values leading to broken HTTP messages. The generation of headers is usually in complete control of the application. However, an application may accidentally pass incoming unvalidated user data to response headers. In such a case, a remote user might be able to inject line terminators into the response headers leading to invalid or misleading HTTP response messages. Depending on the server setup, this can be a building block for severe attacks.

To mitigate this issue, Akka HTTP now discards outgoing headers containing line terminators and logs a warning. Users are encouraged to be on the watch when creating headers (or any kind of outgoing data) from unvalidated user input as this is a common vector for different kinds of attacks.

Changes since 10.2.6

akka-http-core

• Limit comment nesting in header parser#3924
• Discard outgoing headers containing line breaks #3922
• Avoid calling numConnectedSlots when possible #3904
• Simplify HeaderCompression #3871
• End HTTP/2 stream with empty DATA rather than empty HEADERS #3913

10.2.6

This release is a bug fix release that fixes a bug in HTTP/2 processing, #3890.

10.2.5

This release includes a set of performance improvements in the HTTP/2 infrastructure. Aside from internal improvements, some performance-related changes introduce new APIs or settings:

HTTP/2: Trailers on messages with Strict entities

HTTP/2 server and client can now send Strict entities to completely avoid stream materialization overhead for common use cases that require no streaming. This required providing a new way to attach trailing headers to a message also for messages with Strict entities. For that purpose the new attribute AttributeKeys.trailer of type TrailerTrailer can be attached to a message. This is a common scenario for gRPC which uses trailing headers to transmit the status code in a response.

Streaming entities using Chunked entities can still use the LastChunk to provide trailing headers.

See Trailing Headers for more information.

HTTP/2: Collect Strict entities

HTTP/2 servers can request to produce Strict entities also for incoming requests by using the new akka.http.server.http2.min-collect-strict-entity-size setting. With that setting, the server can be instructed to hold back an incoming request to collect more data until either the request has been fully received (Strict entity is dispatched) or the given limit of collected data has been reached (Chunked entity is dispatched as before). This is another optimization to avoid stream materialization overhead where possible for small requests (also common with simple gRPC requests).

The setting is still disabled by default. See the accompanying comments in the reference.conf for more information.

Other notable improvements

• Client connection pool has a new keep-alive-timeout to avoid race conditions with server-side timeouts. See Keep Alive Timeout.

Changes since 10.2.4

akka-http-core

Features

• Add pool keep-alive-timeout #3816
• Add flag to log WebSocket frame traffic #3739
• Move isStrict up a level to ws.Message #3847
• Add setting to automatically collect HTTP/2 request entity data into strict entities #3829
• Allow trailing HTTP/2 headers on strict responses #3820

Improvements / Fixes

• Include port in HTTP/2 binding warning #3793
• Don’t send ‘100 Continue’ if ‘Content-Length’ header is 0, doesn’t exist or data got sent early #3786
• Preserve original response headers during server termination #3819
• Remove the requirement of max-open-requests being a power of two #3827
• Add detail to onBadProtocol #2877
• Back off on HTTP/2 client persistent connection failure #3857
• Block demux stage completion until in-flight ops complete #3734
• Ensure unhandled error ultimately get translated into GOAWAY frames #3839
• Properly propagate completion through PersistentConnection #3855
• Remove Http2FrameRendering stage #3838
• Remove reflective access to alpn classes (JDK16 support) #3811

Optimizations

• Cache ContentType rendering #3830
• Cache ModeledHeader.value #3846
• Cache lowercaseName in ModeledCustomHeaderCompanion #3851
• Only render date-header once per second #3832
• Don’t include RequestTimeoutSupport if disabled #3862
• Fix UriParser constructor performance #3813
• Increase some default buffer sizes #3863
• A few simple microoptimizations that turned up in profiling #3872
• Append new trailing headers at the end #3821
• Avoid async boundary in ProtocolSwitch #3831
• Avoid calling LoggingAdapter.isDebugEnabled in multiplexer #3869
• Avoid creating GenericOutlet for every out element #3848
• Avoid extra allocations in frame renderer #3823
• Cache expensive isDebugEnabled call #3850
• Convert stream handling map to LongMap #3845
• Don’t recordStateChange when debug logging is disabled #3842
• Fix window management while CollectingIncomingData #3837
• Provide missing handling logic in CollectingIncomingData state + tests #3837
• Import shaded twitter hpack library (APL2) #3849
• Never create Default entity #3841
• Optimize header parsing by caching headers in HPACK tables #3861
• Support Strict entities in Http2SubStream #3824
• Use ByteString.length instead of ByteString.size #3853
• Use cached ContentType.value instead of toString #3865
• Use mutable.Queue for state in multiplexer #3873

Build

• Update caffeine from 2.8.8 to 2.9.0 #3768
• Update github-api from 1.122 to 1.123 #3777
• Update to Scala 2.13.5, 2.12.13 and scalafix 0.9.26 #3780
• Finally update to sbt 1.4.7 #3781
• Publish to sonatype directly #3792
• Import shaded twitter hpack library (APL2) #3849
• Update dependencies #3870
• Disable parallel test execution during Github Actions runs #3866
• Run full validation when workflow definition has changed #3881

10.2.4

This release fixes CVE-2021-23339, a vulnerability regarding interpretation of Transfer-Encoding headers. See Incorrect Handling Of Transfer-Encoding Header.

The vulnerability cannot be exploited using just Akka HTTP itself. Instead, Akka HTTP must be use as a proxy and the downstream server must be vulnerable itself, so that the proxy and the downstream server disagree on how to interpret a malformed request containing both Transfer-Encoding and Content-Length headers potentially leading to a “Request Smuggling” vulnerability. If you are using Akka HTTP as a reverse proxy, make sure to upgrade to the latest version.

Starting from this version, only a single Transfer-Encoding: chunked header is allowed. HTTP/1.1 specifies other encodings, however, those are not supported or implemented in Akka HTTP. Formerly, Akka HTTP would just pass on unsupported Transfer-Encoding headers to the user which lead to the above security issue. Since Akka HTTP implements the “Transfer” part of the protocol, it seems reasonable to lock down allowed values for Transfer-Encoding to prevent security issues like this. Please let us know if this leads to compatibility problems with your software.

The release contains one other notable change:

• New option for handling conflicting Content-Type headers #3727

10.2.3

This release includes a working preview HTTP/2 client. Please consider using this preview to provide early feedback in case you find issues in your use-case. The HTTP/2 client will soon be included as an opt-in backend for the Akka gRPC client.

Native HTTP/2 support in Akka gRPC reduces the number of upstream dependencies and enables more deeply integrated tooling for Akka gRPC in the future.

For now, a connection-level and a “persistent connection” API is provided. The entry points are very similar to the existing flow-based HTTP/1 client APIs (responses are provided out-of-order, though, see the docs). The persistent connection API provides functionality similar to the newHostConnectionPool API.

Higher-level APIs for HTTP/2 like the superPool or singleRequest APIs (or a potential automatic integration into the existing APIs) are still discussed.

Please see the documentation for more information and usage examples.

Other notable changes:

akka-http-core

• Better support for filename in Content-Disposition #3705
• Warn if trying to bind flow/source with HTTP2 (which is not supported) #3678

akka-http-testkit

• Fetch chunks in the testkit without waiting for the whole response to finish #3724

docs

• Show examples of using the Akka HTTP BOM (bill of materials) in dependency blocks

10.2.2

This release includes a number of improvements to the HTTP/2 server support, while we continue to prepare for providing HTTP/2 support at the client as well.

As of this version, it is no longer strictly necessary to depend no a separate ‘akka-http2-support’ artifact to get HTTP/2 support in Akka HTTP. We will continue to publish an empty artifact with that name to make it easy to upgrade, however.

Changes since 10.2.1

akka-http-core

• Allow illegal header keys to be ignored #3133
• HttpCookie.copy was calling itself recursively #3670
• Don’t dispatch onResponseEntity… events for entities that don’t have to be subscribed #3574
• Add modeled ‘TE’ header #3616, #3618
• Add parens to deprecation messages for bind-methods #3547
• Use official version of SocketUtil in tests #3558
• Link to https rather than http #3663
• Avoid temporaryServerHostnameAndPort #3691

akka-http

• Optimize header directives by avoiding HttpHeader.unapply #3591

akka-http-marshallers

• Update jackson-dataformat-xml from 2.10.5 to 2.10.5.1 #3695

akka-http-testkit

• Fall through on AssertionErrors in testkit #3512
• Fail noisily if trying to use ~> together with transparent-head-requests #3569

docs

• Add example for Get request with query parameters #3624
• Add akka-actor-typed dependency to introduction.md #3565
• Typo fix: “the onne” –> “the one” #3521
• Some docs gardening #3544
• Link project info to snapshots #3681
• Release notes for 10.1.13 #3635
• Add section about how to configure snapshots #3642
• Add example for Get request with query parameters #3624
• Update formFields example #3650
• Verify signatures from the markdown actually exist #3654
• Add link from formFields to parameters directive docs #3655
• Use explicit paths to snippets #3653
• Fix the Bid class. #3661

akka-http2-support

• Extract common rendering + add userAgent on requests #3657
• Continue accepting window updates even when done sending #3619
• Support custom HTTP methods for HTTP/2 #3622
• More robust handling of IncomingStreamBuffer.onPull #3621
• Simplify Http2Substream hierarchy trading a bit of type-safety for simplicity #3605
• More useful event info for stream state changes #3643
• Add some more basic HTTP/2 client tests #3644
• Configurable ping support through demuxer #3617
• Close the substreams earlier from the demuxer #3647
• HTTP/2 client test coverage (and support for) TLS session info #3668
• Handle RST while sending data + more tests #3671
• Fix lost ‘pull’ when closing while waiting for window #3672
• Send and enforce max concurrent streams setting #3529
• Unify incoming and outgoing state machine #3552
• Disable Push (send SETTING) #3555
• Fix Scala 2.12 compilation error #3582
• Remove explicit parallelism parameter in HTTP/2 #3545
• Respect remote max concurrent streams (reprise) #3581
• Also go through state machine for resetStream #3584
• Fix leakage of incoming substreams in edge cases #3233
• Run handler code in its own task on the server #3593
• Check HTTP2 headers for correctness #3603
• HTTP/2 connection level API #3511
• Accepting trailing headers in the HTTP/2 client #3602
• Protocol-level client specs #3532
• Move some public API bits to its final places and mark them as @ApiMayChange#3526
• Use LogHelper in demux classes #3506
• Remove some minor repetition in HTTP/2 rendering #3229
• Test server responses to invalid ping frames #3523
• Use scheme portion of target URI in :scheme pseudo-header #3535
• Add test for receiving WINDOW_UPDATE in HalfClosedRemoteWaitingForOutgoingStream state #3554
• Make ‘network’ and ‘user’ sides more explicit #3638
• streamId attribute is not needed / supported on client side #3652

build

• Akka HTTP BOM #3665
• Add 10.2.1 to MiMa #3499
• Increase paradox parsing timeout #3508
• Also aggregate akka-http-bench-jmh, to fail if benchs fail to compile #3561
• Exclude akka-http-bench-jmh from whitesource #3562
• Disable whitesource for submodules which are not to be published #3564
• Remove sbt-javaagent #3598
• Include stack traces in scalatest failures #3612
• Add 10.1.13 to mima #3641

And various updates:

• Update akka to 2.5.32 #3558
• Update caffeine from 2.8.5 to 2.8.7 #3515
• Update junit from 4.12 to 4.13.1 #3517
• Update paradox-theme-akka, … from 0.35 to 0.36#3697
• Update sbt-bintray from 0.5.6 to 0.6.1 #3572, #3596
• Update sbt-mima-plugin from 0.8.0 to 0.8.1 #3548
• Update sbt-scalafix, scalafix-core, … from 0.9.21 to 0.9.23 #3614
• Update specs2-core from 4.10.3 to 4.10.5 #3518, #3550
• Update spray-json from 1.3.5 to 1.3.6 #3629

10.2.1

This release includes:

• Improved source-compatibility with Akka HTTP 10.1.x #3489
• Re-introduction of the lingerTimeout option #3456

Changes since 10.2.0

akka-http-core

• Reenable lingerTimeout #3456
• Make entities of HEAD requests discard #3440
• Fix HTTPS proxy CONNECT request #3434
• Expose the SslSession via an attribute #3472
• Add debug logging when Websocket impl closes connections after timeout #3431
• Spelling in reference.conf #3425
• Remove unused import in Handshake class #3464
• Tests: use copy of SocketUtil that does not use 127.x.y.255 addresses #3460

akka-http

• Provide implicit conversion from route and materializer to flow #3489
• Fail storeUploadedFile(s) directive when IO operation fails #3437
• Fix Route.handlerFlow deprecation message #3465
• Fix a couple of warnings #3482
• Clean up some imports #3457

docs

• Docs for getting data from a strict entity in a client #3446
• Fix links to httpsServer / httpsClient #3453
• Fix typo in deprecation message #3424
• Update Scala style guide example to match the Java one (remove duplicated “customer” path) #3448
• Document how to disable hostname verification without ssl-config #3483
• Fix introduction markup #3476
• Update head documentation about default behavior #3480
• Document requiring client authentication #3492
• Update websocket docs to describe attribute #3488

akka-http2-support

• Ignore unexpected DATA frames in state closed #3462
• Improve HTTP2 debug logging #3467

build

• Set up mima for 10.2 #3408
• Simplify http-core test against akka master scenario #3402
• Increase paradox parsing timeout #3430
• Update to Scala 2.12.12 #3420
• Update github-api from 1.115 to 1.116 #3443
• Update sbt-jmh from 0.3.7 to 0.4.0 #3471
• Update sbt-mima-plugin from 0.7.0 to 0.8.0 #3475
• Update sbt-scalafix, scalafix-core, … from 0.9.20 to 0.9.21 #3479
• Update scalatest from 3.1.3 to 3.1.4 #3454
• Update silencer-lib, silencer-plugin from 1.7.0 to 1.7.1 #3397
• Update specs2-core from 4.10.2 to 4.10.3 #3445

10.2.0

Akka Http 10.2 is a modernization release to improve the integration with the latest Akka versions, streamline APIs, and improve performance.

Since the original release of 10.1, the Akka project has introduced a few important features:

• Akka 2.6 offers typed actors and ActorSystems
• Akka Stream APIs were improved to work without requiring a Materializer in most cases
• Akka gRPC 1.0 has been released which is built on top of Akka HTTP

Akka Http 10.2.0 supports these changes in the following ways:

• Http APIs now work the same whether a classic or a typed ActorSystem is provided
• A new concise API for binding servers has been introduced
• A new set of directives handle, and handleSync provide more options to seamlessly mix Akka gRPC generated service handlers with Akka Http routes. HTTP/2 support has been improved based on Akka gRPC usage.
• Akka HTTP now supports Akka Coordinated Shutdown for server bindings.

Seamless integration with Akka 2.6 and new server API entrypoints

Making changes to support Akka 2.6 better, we realized that the existing server API is sometimes awkward to use and to evolve. Therefore, we took the opportunity to come up with a new ServerBuilder API that provides a way to bind servers more concisely, especially from Java.

Code like:

Scala

copysource// only worked with classic actor system
implicit val system = akka.actor.ActorSystem("TheSystem")
implicit val mat: Materializer = ActorMaterializer()
val route: Route =
  get {
    complete("Hello world")
  }
Http().bindAndHandle(route, "localhost", 8080)

Java

copysource// only worked with classic actor system
akka.actor.ActorSystem system = akka.actor.ActorSystem.create("TheSystem");
Materializer mat = ActorMaterializer.create(system);
Route route = get(() -> complete("Hello World!"));
Http.get(system).bindAndHandle(route.flow(system), ConnectHttp.toHost("localhost", 8080), mat);

can now be written as:

Scala

copysource// works with both classic and typed ActorSystem
implicit val system = akka.actor.typed.ActorSystem(Behaviors.empty, "TheSystem")
// or
// implicit val system = akka.actor.ActorSystem("TheSystem")

// materializer not needed any more

val route: Route =
  get {
    complete("Hello world")
  }
Http().newServerAt("localhost", 8080).bind(route)

Java

copysource// works with classic or typed actor system
akka.actor.typed.ActorSystem system = akka.actor.typed.ActorSystem.create(Behaviors.empty(), "TheSystem");
// or
// akka.actor.ActorSystem system = akka.actor.ActorSystem.create("TheSystem");

// materializer not needed any more

Route route = get(() -> complete("Hello World!"));
Http.get(system).newServerAt("localhost", 8080).bind(route);

Notably, server written with the routing DSL will now be automatically converted to an asynchronous handler (using the new pendant of bindAndHandleAsync) instead of being provided as a Flow (using bindAndHandle before). This has the benefit that it fits the style of the routing DSL better which really represents an asynchronous handler function and, more importantly, will enable routes to work automatically with HTTP/2 (when enabled).

The old APIs have been deprecated but will be kept for binary and source compatibility at least until 10.3 but maybe even longer (because they have been such a central part).

We made an effort to keep supporting Akka 2.5.x (>= 2.5.31) for this release to ease the migration burden. It required backporting some features from Akka 2.6 so that seamless APIs would work the same with Akka 2.6 and Akka 2.5. The 10.2.x release line will be the last supporting Akka 2.5.

To do the migration you can run the following task in sbt if you have scalafix enabled in your project:

scalafixAll dependency:[email protected]:akka-http-scalafix-rules:10.2.0

See the migration notes for more information about how to setup and use scalafix to do the migration.

Routing DSL guidelines

Akka HTTP’s routing DSL comes with great power once you have mastered it. However, the flexibility it provides can be hard to tame for new users or when projects grow. We acknowledge these difficulties and want to conquer them with giving more guidelines to get started with building routes more easily. For that reason, we created two new documentation pages to give advice about how routes can be organized for scale:

• The new styleguide gives general recommendations about how to structure route source code.
• A comparison with Play routes gives a side-by-side overview of how routing features of Play and Akka HTTP compare to each other.

Attributes for HttpRequest and HttpResponse

In many cases metadata needs to be attached to an HTTP message. Previously, this was accomplished by introducing synthetic headers to add to requests and responses. However, this was more of a workaround that could lead to confusion about which headers should be rendered and where they originated. Akka Http 10.2 introduces attributes to HTTP messages. These allow attaching and querying typed metadata values to messages.

See Attributes for more information.

Default configuration improvements

Seldom used features have now been turned off by default:

• Transparent HEAD support was disabled, see #2088 and the migration notes for information about the rationale.
• Server-side HTTP pipelining was disabled by default. Common HTTP clients do not support it by default or have it disabled, so to reduce complexity in the common code paths the default akka.http.server.pipelining-limit was changed to 1. See the migration notes for more information.

Better support for upcoming Scala versions

Scala 2.13 deprecated “adapted arguments” which were heavily used in the routing DSL with the magnet pattern. It allowed that a single method with a single argument could take any number of arguments in a typesafe fashion by relying on the Scala compiler to convert those arguments to a tuple of arguments. Since a while we generally try to reduce our usage of implicits and the magnet pattern to avoid complex compile error messages, long compile times, and complexity. With Akka Http 10.2 we made another effort to reduce our dependency on that language feature by providing a set of code-generated overloads for the methods in question to pave our way for upcoming Scala versions.

See the migration guide for more information.

Client: configurable setting overrides per target host

It is now possible to set overrides for client settings per target host via configuration. For example, if you use Akka HTTP client to access different services, it is now possible to tweak pool and connection parameters like the maximum number of concurrent connections (max-connections) on a per-target-host-basis. Thanks to David Knapp / @Falmarri for providing an initial implementation of that feature a long time ago.

Client: custom client DNS resolution transport

By default, host name resolution is done in the IO layer when a connection attempt is made. In some cases, it can make sense to be able to customize the resolution, for example if there are multiple ip addresses returned for a DNS query, this could be used to implement custom DNS load balancing schemes. For that purpose, a new ClientTransport.withCustomResolver was introduced that allows providing custom resolution for each connection attempt.

See the section about custom client DNS resolution schemes for more information.

Performance improvements

• Better performance for big client pools: Big client pools with more than 500 connections (max-connections = 500 or more) suffered from a bad choice of datastructure with O(n²) access times, so bigger pools spent too much time just sifting through the internal data structures instead of doing useful work. This has been fixed and a nightly benchmark has been set up to track performance going forward.
• Cheaper logging in client pools helps pools of all sizes by avoiding logging when DEBUG logging is disabled.
• discardEntityBytes for strict entities is now a no-op while before streams were materialized.

Streamlined HTTPS configuration

Akka HTTP no longer uses the HTTPS configuration configured with ssl-config by default. Instead, it will use the JRE defaults for client connections. For server connections you should create a HttpsConnectionContextHttpsConnectionContext with the relevant configuration.

See Configuring HTTPS connections for more information.

Other changes

• Various bug fixes, such as around percent-encoding URI queries and parsing headers with unicode characters.
• RouteTest can now run integration tests with ~!> through full client/server infrastructure #3014
• Various improvements to HTTP/2 support, driven by Akka gRPC.
• Remove legacy host connection pool including settings and tests #3188

Migration notes

Support for Scala 2.11 has been dropped in this release. See the Migration guide for more information about other changes which might need migration.

Changes since 10.1.11

akka-http-core

• Fix cancellation race conditions on the client-side #2965
• Silence outgoing request stream error #2905
• Add SameSite attribute to Cookies #2928
• Only catch NonFatal Exceptions #2853
• Add coordinated shutdown support #3142
• Percent-encode illegal chars when creating URI query #3003
• Add the remote address in parse errors when possible #2899
• Remove UseHttp2 #2896
• Hide body and headers by default in HttpRequest#toString and HttpResponse#toString #2560
• Fix headers javadsl scaladoc #2932
• Allow client setting overrides for target hosts in config #2574
• Fix EOL detection for body part parsing #2581
• Update javadsl bindAndHandle to take a Java function and System #3223
• Identify Content-Type charset parameter even if not lower case #2926
• Prevent initialization NPE which might fail all retries quickly #2958
• Add exclusion for Extension issues when building against Akka 2.6 #2945
• Nest correctly in NewHostConnectionPool #2964
• Support for request/response message attributes #2938
• Don’t fail slot after previous connection failed in special condition #3021
• Simplify route2HandlerFlow #2893
• Better support for the new Actors API #3036
• Parse empty query ? to Query.empty #3042
• Make sure to cancel response entity on failure #3046
• Add akka.http.server.remote-address-attribute #2924
• Make transparent-head-requests opt-in #3063
• Continue more gracefully when encountering multiple Host headers in a response #3158
• Allow customizing parsing errors #3049
• Don’t extend from Char => Boolean for CharPredicate #3107
• Add server-side streamCancellationDelay to mitigate cancellation race conditions #2116
• Improve error message about unconsumed entity #3109
• Header rendering with less indirection #3106
• Remove deprecated methods taking implicit materializers #3119
• Simplify superPool and clientFlow #3156
• Deprecate Remote-Address header #3174
• Move max-content-length definition from top to server/client #3098
• Add test for failure propagation into websocket flows #3276
• Deprecate UpgradeToWebSocket #3278, #3296
• Disable server-side HTTP pipelining by default#
• Make HttpEntity.Strict.discardBytes a no-op #3329
• Make sure to reset all UriParser fields before reusing#
• Track idle slots explicitly to avoid O(n^2) work for big pools#
• Keep request/response copy method public #3347
• Introduce javadsl discardEntityBytes that takes a ClassicActorSystemProvider#
• Provide toStrict overloads with ClassicActorSystemProvider parameter#
• Introduce custom hostname resolution client transport #3202
• Avoid expensive logging in NewHostConnectionPool #3356
• Introduce Http().newServerAt server builder API#
• Make HttpRequest/HttpResponse.hashCode depend on attributes #3351
• Allow customization of materializer with new ServerBuider API#3414

akka-http

• Names as alternative to symbolic directive combiners #3085
• Names for symbolic enhancements #3082
• Allow names to match paths #3089
• Remove deprecated FormFieldDirectives methods #3120
• Remove magnets usage from formField directives #3289
• Provide Route.toFunction as alternative to Route.asyncHandler #3115
• New handle directive to create Route from function #3239
• Allow ‘bindAndHandleAsync’ to take a ‘Route’ #3237
• Make X-Real-IP take precedence over Remote-Address #3173
• Allow passing a companion object to headerValueByType #3279
• Replace magnetic parameter overloads by boilerplate-generated overloads #2971
• Deprecate directives taking Symbol as argument #3291
• Remove uploadedFile (deprecated in 10.0.11) #3118
• Deprecate internal parts of coding infrastructure #3262
• Deprecate HttpApp #3162
• Allow ‘complete’ directive with status without adapted arguments #3307
• Fix remaining internal adapted arguments warnings #3337
• Create Unmarshaller.unmarshal overloads taking in ClassActorSystemProvider#
• Add directives for extracting attributes #3355
• Document and dogfood using the attribute for websockets #3358
• Add handlePF directive #3367

akka-http-marshallers

• Only show unmarshalling error details when ‘verbose-error-messages’ is on #3265
• Jackson: Better JSON validation error when unmarshalling #2901

akka-http-testkit

• Allow RouteTest to run integration tests via ~!> operator #3014
• Update to Scalatest 3.1.0 #2851
• Handle test exceptions separately from regular exceptions #2949
• Simplify implicits for RouteTest #3060
• Fix more Scala 2.13 warnings #3130

docs

• Use typed ActorSystem in examples #3242
• Routing DSL style guide #3099
• Routing DSL compared with Play routes #3079
• Small typo in docs/src/main/paradox/common/marshalling.md #2864
• Add warning on usage on extractClientIP #2922
• Show RequestBuilding in client examples #2968
• Don’t claim that SNI is a security feature #3257
• Update documentation and examples to Akka 2.6 #2996
• Link to major/minor Akka docs #3048
• Actor interop Java example #3078
• Make Case class extraction example work with 2.13 #3092
• Fix more Scala 2.13 warnings #3130
• Update extractClientIP.md wrt remote-address-attribute #3083
• Make HttpServerWithActorsSample more 2.6-style #3077
• Show symbolic Akka version for dependencies #3121
• Support native ALPN in JDK >=8u251 #3117
• Use automatic root dir resolution for snip and signature #3339
• Page about client-side configuration + per-host-overrides #3338
• Document and dogfood using the attribute for websockets #3358
• Add ‘troubleshooting’ page, populate with ‘PRI’ error message #3384

akka-http2-support

• Initial HTTP/2 client implementation bits #3166
• Potential fix for idle timeouts in HTTP/2 #2776
• Frame parsing: improve handling of unknown values #3101
• Support native ALPN in JDK >=8u251 #3117
• Fix HeaderCompression updating table size without giving notice to peer #2891
• Reduce HTTP/2 buffer debug logging #3025
• Accept RST on an already-half-closed HTTP/2 stream #2976
• Gracefully discard unsupported h2 SETTINGS #3053
• Make the HTTP/2 Stream ID an attribute #3224

akka-http-caching

• Harden ExpiringLfuCacheSpec #2960

build

• Fix project-info links to API docs #2857
• Drop Scala 2.11 #2589
• Build with Scala 2.13 by default #3126
• Better diagnostics when validatePullRequest fails weirdly #2904
• Test against published snapshots instead of source deps #3055
• Enable some fatal warnings for docs #3114
• Add sbt-reproducible-builds #3165
• Publish docs from travis #3328
• Scalafix rules to rewrite to new ServerBuilder API automatically #3407