Release 1.4

Release 1.4 includes significant new features such as WebFlux support and asynchronous initialization as well as some minor bug fixes.

New features

• Support for Spring WebFlux applications in the new aws-serverless-java-container-springboot2 package (#239).
• Asynchronous initialization makes it easy to take advantage of Lambda's boosted CPU access during the 10 seconds initialization period. The asynchronous initializer starts the underlying framework in a separate thread and uses as much of the 10 seconds timeout for initialization as possible. After 10 seconds, the initializer returns control to AWS Lambda and the main request handling method waits for the background initialization to complete before handling the next event. You can read more about asynchronous initialization in the documentation. This addresses #210, #234, and #264. To make asynchronous initialization more accessible, we have also added builder objects (#144) for the Spring-based implementations (the more likely to be slow at cold start):

public class StreamLambdaHandler implements RequestStreamHandler {
    private SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
    
    public StreamLambdaHandler() throws ContainerInitializationException {
        long startTime = Instant.now().toEpochMilli();
        handler = new SpringBootProxyHandlerBuilder()
                .defaultProxy()
                .asyncInit(startTime)
                .springBootApplication(SlowApplication.class)
                .buildAndInitialize();
    }

    @Override
    public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context)
            throws IOException {
        handler.proxyStream(inputStream, outputStream, context);
    }
}

• More complete implementation of the ServletContext which now allows servlet registration and can perform basic routing (#256)
• Implementation of AsyncContext for the AwsHttpServletRequest. Note the start(Runnable runnable) method will throw an UnsupportedOperationException since we don't want to encourage background tasks in the Lambda environment.
• Added a new setDefaultContentCharset option in the ContainerConfig object to override the HTTP-specs default of ISO-8859-1 (#269)

Bug fixes

• Fixed an issue with getParameterValues() in AwsProxyHttpServletRequest that made the method return only the first available value for query string parameters (#280)
• Fixed a bug in JerseyServletResponseWriter that caused exceptions not be progated from the failure() method (#273, thank you @mikaelq for the fix)
• Fixed a bug in the default log formatter for HTTP access logs that caused ALB requests to be logged as 01/01/1970:00:00:00Z (#270, thank you @goughy000 for the fix)

Other changes

• Updated dispatcher logic to store the DispatcherType in a request attribute. This allows Serverless Java Container's dispatcher to support any implementation/wrapping of ServletRequest (#275)
• Changed Spring, Spring Boot, and Spring Boot 2 implementations to present themselves as embedded web servers instead of using Spring's internal functions to initialize the application context
• Split Spring Boot 2 support into a separate package to better take advantage of the new interfaces and features in Spring Boot 2
• Bump Jersey dependency to version 2.29.1 (#266)
• Bump Jackson version to 2.9.10

Release 1.3.2

Release 1.3.2 is primarily a bug-fix release. However, it also includes some minor new features.

New features

• Exposed Jersey injection manager from the JerseyLambdaContainerHandler object (#253). Thanks @dmetzler for the contribution!

JerseyLambdaContainerHandler handler = 
    JerseyLambdaContainerHandler.getAwsProxyHandler(jerseyApplication);
handler.getInjectionManager();

Bug fixes

• Removed path validation in the getMimetype() method of the AwsServletContext since frameworks call this method with non-existent paths and their only objective is to get the mime type based on the file extensions, regardless of whether the file exists on disk or not (#254)
• Added additional null-checks around the AwsServletInputStream as well as a check for the NullInputStream type (#147)
• Graceful handling of empty header and query string values (#247)
• Added annotation to make sure requests get deserialized with the isBase64Encoded field for debugging purposes (#262)
• Improved and simplified header parsing logic (#263)
• Fixed wrong value assignments in multipart forms (file name and field name were inverted) (#258)

Other changes

• Bumped Spark version to 2.9.1
• Bumped Spring and SpringBoot versions to 5.1.8.RELEASE and 1.5.21.RELEASE respectively
• Changed logging severity when a request has no content type from error to debug (#261)

Release 1.3.1

Patch release to address request validation issues introduced in the 1.3 release.

• Removed legacy Spring Context listener that was causing a non-fatal ClassCastException (#225)
• Added InvalidRequestEventException to fail fast and open on events that don't contain an HTTP method (#230)
• Added null check on new multivalue headers and query string params (#232)

Release 1.3

Release 1.3 includes a new features, improvements, and bug fixes.

New features

• Support for Application Load Balancer's (ALB) events - you can now use an AWS Lambda function built with serverless-java-container as a target for ALB. serverless-java-container requires that multi-value headers support is enabled in ALB. (#214)
• Gradle and Maven Assembly support - all archetypes and samples are updated to use the maven assembly plugin by default to generate a zip deployment package for AWS Lambda. This improves cold start performance for large applications. We have also included a build.gradle file in both samples and archetypes that generates the same zip file. The generated SAM templates point to the assembly zip file by default. (#133)
• Spring Boot 2.x support - we have added a new aws-serverless-springboot2-archetype that makes it easy to quickly set up a new project with Spring Boot 2.x. (#181, #193)

Bug fixes

• Fixed issue with Jersey not being sent all request headers. (#208)
• Fixed issue with getParameterMap() method in HttpServletRequest not supporting multi-value query string parameters. (#217 thank you, @superweijiafeng)
• Fixed issue with headers being treated as case sensitive after deserialization (#216 thank you, @eirikjak)

Other changes

• It is now possible to inject HttpServletRequest objects in Jersey's Filter objects because the framework allows proxying of the ServletRequest, ServletContext, and ServletResponse suppliers. (#211)
• Updated documentation to make it easier to port existing Spring applications that rely on custom @ControllerAdvice classes. (#167)

Release 1.2

New major release with bug fixes, new features, and Struts 2 support!

We received a lot of support from the community for this release - all contributors are mentioned next to the feature/issue they worked on. Thank you all!

New features

• Support for the Apache Struts framework including an archetype: aws-serverless-struts2-archetype. Take a look at the quick start wiki. (#149 thank you, @jogep)
• Support for API Gateway's multi-value headers and query string parameters. You can now receive arrays of values in the query string and return multiple cookies! (#198)
• Support for pre-registered binary content types so that the framework doesn't have to test the encoding of requests. You can now call the addBinaryContentTypes(String... ct) method on the ContainerConfig object to ensure the specified content types are always treated as binary. By default, the ContainerConfig object registers application/octet-stream, image/jpeg, image/png, and image/gif as binary (#191 thank you, @billrobertson42)
• Override default charset when not specified in a request Content-Type. By default, the HTTP specs assume ISO-8859-1 as charset. You can now call the setDefaultContentCharset() of the ContainerConfig object to override this (#175)
• Updated version of all dependency framework to the latest version (#201):
  • Jersey 2.26 -> 2.27
  • Spark 2.7.2 -> 2.8.0 (thank you, @jschwartz73)
  • Spring 5.0.7.RELEASE -> 5.1.1.RELEASE
  • SpringBoot 1.5.9.RELEASE -> 1.5.17.RELEASE

Bug fixes

• Resolved NullPointerException when trying to access non-existent query string parameters in Spark (#168)
• Resolved NullPointerException when trying to access remote address and the event object does not contain the context or identity objects. System now defaults to 127.0.0.1 if the value is not populated in the event (#182)
• Fixed setCharacterEncoding method in servlet response. It was erroneously setting the Content-Encoding header. This has now been fixed to append the charset property to the Content-Type header (#188 thank you, @larmog)
• Fixed encoding of request URI for Jersey implementation. The library generated the ContainerRequest object using the getPathInfo() method from the servlet request, which contained decoded parameters. Changed this to use the getRequestURI() method. (#200)
• Resolved IllegalArgumentException when processing multipart forms. The exception was thrown by the file path security validation method when applied to the file name on the multi-part form. (#205 thank you, @tjordahl)

Other changes

• Moved archetypes to root of package to prevent build failures when calling maven package in specific archtype (#185 thank you, @norris-shelton)
• Removed need to close the output stream explicitly. The stream is now owned by the proxyStream method (#183)
• Added integration tests for archetypes and parameterized the dependency versions in the pom.xml to make sure we don't publish an archetype out of step again (#178)
• Updated Jackson dependency version in all packages and samples to 2.9.7 to address CVE-2018-7489 (#201)

Release 1.1.4

Patch release:

• Addresses the null query string issue reported in #168
• Switched Spring and SpringBoot archetypes to use the @Import annotation rather than @ComponentScan

Release 1.1.3

Bug fix release to address an issue with Spring mapping List<String> from query string parameters reported in #162

Release 1.1.2

Bug fix release that addresses a recent issue with frameworks trying to access a null query string parameters map.

Release 1.1.1

Bug fix release with the following changes:

• Fix in encoding settings for content type header (#150)
• Fix to make header names non case sensitive (#150)
• Fix getParameterValues() method in AwsProxyHttpServletRequest to return null when no values are available (#156)
• Fixed issue with requests to the root resources (/) that were not routed correctly by Spark (#151)
• Fixed parameter and url encoding behavior to match API Gateway's proxy behavior - expect all parameter values and path in the proxy event to be url-decoded. The framework now re-url-encodes values before passing them on to the underlying framework (#146)

Release 1.1

Version 1.1 includes new performance improvements and bug fixes.

Performance improvements

• All setup code has been moved to the static initializer method. If you follow the instructions in our documentation and archetypes to include the handler creation code in a static block you will see a drop in cold start latency.

private static SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
static {
    try {
        handler = SpringBootLambdaContainerHandler.getAwsProxyHandler(Application.class);
    } catch (ContainerInitializationException e) {
        e.printStackTrace();
    }
}

• When using Spring profiles, we have added a new static method that receives a ConfigurableWebApplicationContext as well as a vararg list of profile names. Using this method will ensure that the application is initialized only once with the correct profile.

AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
applicationContext.register(PetStoreSpringAppConfig.class);
handler = SpringLambdaContainerHandler.getAwsProxyHandler(applicationContext, "profile-1", "profile-2");

• Setting profiles after the handler is initialized using the activateSpringProfiles method will cause the Spring context to reload and slow down the following request.
• Behind the scenes we moved the initialization of ObjectMapper, ObjectReader, and ObjectWriter to the LambdaContainerHandler constructor. This will ensure that they are initialized in the static code block.
• Archetype and examples for Spring now include the spring-context-indexer as a dependency.

Bug fixes

• Added a logback.xml configuration file for Spring and SpringBoot that sets the log level to ERROR. This addresses #134 to make Spring and SpringBoot applications testable with SAM Local.
• Added apiKeyId to the request identity model to address #136.
• New whitelist for hosts, ports, and base paths (#138). For applications that need to dynamically generate links, we've added the ability to read the forwarded host, and port headers. To secure this, developers have to explicitly whitelist custom domain names:

LambdaContainerHandler.getContainerConfig().addCustomDomain("api.myserver.com");

• Fixed query string encoding in Jersey (#140)
• Using body input stream instead of event body for form parameters (#141)
• Bumped Jackson dependency to 2.9.5 to address critical vulnerability (#139)