Releases: aws/serverless-java-container
Release 1.4
Release 1.4 includes significant new features such as WebFlux support and asynchronous initialization as well as some minor bug fixes.
New features
- Support for Spring WebFlux applications in the new
aws-serverless-java-container-springboot2
package (#239). - Asynchronous initialization makes it easy to take advantage of Lambda's boosted CPU access during the 10 seconds initialization period. The asynchronous initializer starts the underlying framework in a separate thread and uses as much of the 10 seconds timeout for initialization as possible. After 10 seconds, the initializer returns control to AWS Lambda and the main request handling method waits for the background initialization to complete before handling the next event. You can read more about asynchronous initialization in the documentation. This addresses #210, #234, and #264. To make asynchronous initialization more accessible, we have also added builder objects (#144) for the Spring-based implementations (the more likely to be slow at cold start):
public class StreamLambdaHandler implements RequestStreamHandler {
private SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
public StreamLambdaHandler() throws ContainerInitializationException {
long startTime = Instant.now().toEpochMilli();
handler = new SpringBootProxyHandlerBuilder()
.defaultProxy()
.asyncInit(startTime)
.springBootApplication(SlowApplication.class)
.buildAndInitialize();
}
@Override
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context)
throws IOException {
handler.proxyStream(inputStream, outputStream, context);
}
}
- More complete implementation of the
ServletContext
which now allows servlet registration and can perform basic routing (#256) - Implementation of
AsyncContext
for theAwsHttpServletRequest
. Note thestart(Runnable runnable)
method will throw anUnsupportedOperationException
since we don't want to encourage background tasks in the Lambda environment. - Added a new
setDefaultContentCharset
option in theContainerConfig
object to override the HTTP-specs default ofISO-8859-1
(#269)
Bug fixes
- Fixed an issue with
getParameterValues()
inAwsProxyHttpServletRequest
that made the method return only the first available value for query string parameters (#280) - Fixed a bug in
JerseyServletResponseWriter
that caused exceptions not be progated from thefailure()
method (#273, thank you @mikaelq for the fix) - Fixed a bug in the default log formatter for HTTP access logs that caused ALB requests to be logged as
01/01/1970:00:00:00Z
(#270, thank you @goughy000 for the fix)
Other changes
- Updated dispatcher logic to store the
DispatcherType
in a request attribute. This allows Serverless Java Container's dispatcher to support any implementation/wrapping ofServletRequest
(#275) - Changed Spring, Spring Boot, and Spring Boot 2 implementations to present themselves as embedded web servers instead of using Spring's internal functions to initialize the application context
- Split Spring Boot 2 support into a separate package to better take advantage of the new interfaces and features in Spring Boot 2
- Bump Jersey dependency to version
2.29.1
(#266) - Bump Jackson version to
2.9.10
Release 1.3.2
Release 1.3.2 is primarily a bug-fix release. However, it also includes some minor new features.
New features
- Exposed Jersey injection manager from the
JerseyLambdaContainerHandler
object (#253). Thanks @dmetzler for the contribution!
JerseyLambdaContainerHandler handler =
JerseyLambdaContainerHandler.getAwsProxyHandler(jerseyApplication);
handler.getInjectionManager();
Bug fixes
- Removed path validation in the
getMimetype()
method of theAwsServletContext
since frameworks call this method with non-existent paths and their only objective is to get the mime type based on the file extensions, regardless of whether the file exists on disk or not (#254) - Added additional null-checks around the
AwsServletInputStream
as well as a check for theNullInputStream
type (#147) - Graceful handling of empty header and query string values (#247)
- Added annotation to make sure requests get deserialized with the
isBase64Encoded
field for debugging purposes (#262) - Improved and simplified header parsing logic (#263)
- Fixed wrong value assignments in multipart forms (file name and field name were inverted) (#258)
Other changes
Release 1.3.1
Patch release to address request validation issues introduced in the 1.3 release.
Release 1.3
Release 1.3 includes a new features, improvements, and bug fixes.
New features
- Support for Application Load Balancer's (ALB) events - you can now use an AWS Lambda function built with
serverless-java-container
as a target for ALB.serverless-java-container
requires that multi-value headers support is enabled in ALB. (#214) - Gradle and Maven Assembly support - all archetypes and samples are updated to use the maven assembly plugin by default to generate a
zip
deployment package for AWS Lambda. This improves cold start performance for large applications. We have also included abuild.gradle
file in both samples and archetypes that generates the same zip file. The generated SAM templates point to the assembly zip file by default. (#133) - Spring Boot 2.x support - we have added a new
aws-serverless-springboot2-archetype
that makes it easy to quickly set up a new project with Spring Boot 2.x. (#181, #193)
Bug fixes
- Fixed issue with Jersey not being sent all request headers. (#208)
- Fixed issue with
getParameterMap()
method inHttpServletRequest
not supporting multi-value query string parameters. (#217 thank you, @superweijiafeng) - Fixed issue with headers being treated as case sensitive after deserialization (#216 thank you, @eirikjak)
Other changes
- It is now possible to inject
HttpServletRequest
objects in Jersey'sFilter
objects because the framework allows proxying of theServletRequest
,ServletContext
, andServletResponse
suppliers. (#211) - Updated documentation to make it easier to port existing Spring applications that rely on custom
@ControllerAdvice
classes. (#167)
Release 1.2
New major release with bug fixes, new features, and Struts 2 support!
We received a lot of support from the community for this release - all contributors are mentioned next to the feature/issue they worked on. Thank you all!
New features
- Support for the Apache Struts framework including an archetype:
aws-serverless-struts2-archetype
. Take a look at the quick start wiki. (#149 thank you, @jogep) - Support for API Gateway's multi-value headers and query string parameters. You can now receive arrays of values in the query string and return multiple cookies! (#198)
- Support for pre-registered binary content types so that the framework doesn't have to test the encoding of requests. You can now call the
addBinaryContentTypes(String... ct)
method on theContainerConfig
object to ensure the specified content types are always treated as binary. By default, theContainerConfig
object registersapplication/octet-stream
,image/jpeg
,image/png
, andimage/gif
as binary (#191 thank you, @billrobertson42) - Override default charset when not specified in a request
Content-Type
. By default, the HTTP specs assumeISO-8859-1
as charset. You can now call thesetDefaultContentCharset()
of theContainerConfig
object to override this (#175) - Updated version of all dependency framework to the latest version (#201):
- Jersey 2.26 -> 2.27
- Spark 2.7.2 -> 2.8.0 (thank you, @jschwartz73)
- Spring 5.0.7.RELEASE -> 5.1.1.RELEASE
- SpringBoot 1.5.9.RELEASE -> 1.5.17.RELEASE
Bug fixes
- Resolved NullPointerException when trying to access non-existent query string parameters in Spark (#168)
- Resolved NullPointerException when trying to access remote address and the event object does not contain the context or identity objects. System now defaults to
127.0.0.1
if the value is not populated in the event (#182) - Fixed
setCharacterEncoding
method in servlet response. It was erroneously setting theContent-Encoding
header. This has now been fixed to append the charset property to theContent-Type
header (#188 thank you, @larmog) - Fixed encoding of request URI for Jersey implementation. The library generated the
ContainerRequest
object using thegetPathInfo()
method from the servlet request, which contained decoded parameters. Changed this to use thegetRequestURI()
method. (#200) - Resolved IllegalArgumentException when processing multipart forms. The exception was thrown by the file path security validation method when applied to the file name on the multi-part form. (#205 thank you, @tjordahl)
Other changes
- Moved archetypes to root of package to prevent build failures when calling maven package in specific archtype (#185 thank you, @norris-shelton)
- Removed need to close the output stream explicitly. The stream is now owned by the
proxyStream
method (#183) - Added integration tests for archetypes and parameterized the dependency versions in the
pom.xml
to make sure we don't publish an archetype out of step again (#178) - Updated Jackson dependency version in all packages and samples to
2.9.7
to addressCVE-2018-7489
(#201)
Release 1.1.4
Patch release:
- Addresses the null query string issue reported in #168
- Switched Spring and SpringBoot archetypes to use the
@Import
annotation rather than@ComponentScan
Release 1.1.3
Bug fix release to address an issue with Spring mapping List<String>
from query string parameters reported in #162
Release 1.1.2
Bug fix release that addresses a recent issue with frameworks trying to access a null
query string parameters map.
Release 1.1.1
Bug fix release with the following changes:
- Fix in encoding settings for content type header (#150)
- Fix to make header names non case sensitive (#150)
- Fix
getParameterValues()
method inAwsProxyHttpServletRequest
to return null when no values are available (#156) - Fixed issue with requests to the root resources (
/
) that were not routed correctly by Spark (#151) - Fixed parameter and url encoding behavior to match API Gateway's proxy behavior - expect all parameter values and path in the proxy event to be url-decoded. The framework now re-url-encodes values before passing them on to the underlying framework (#146)
Release 1.1
Version 1.1 includes new performance improvements and bug fixes.
Performance improvements
- All setup code has been moved to the static initializer method. If you follow the instructions in our documentation and archetypes to include the handler creation code in a
static
block you will see a drop in cold start latency.
private static SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
static {
try {
handler = SpringBootLambdaContainerHandler.getAwsProxyHandler(Application.class);
} catch (ContainerInitializationException e) {
e.printStackTrace();
}
}
- When using Spring profiles, we have added a new static method that receives a
ConfigurableWebApplicationContext
as well as a vararg list of profile names. Using this method will ensure that the application is initialized only once with the correct profile.
AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
applicationContext.register(PetStoreSpringAppConfig.class);
handler = SpringLambdaContainerHandler.getAwsProxyHandler(applicationContext, "profile-1", "profile-2");
- Setting profiles after the handler is initialized using the
activateSpringProfiles
method will cause the Spring context to reload and slow down the following request. - Behind the scenes we moved the initialization of
ObjectMapper
,ObjectReader
, andObjectWriter
to theLambdaContainerHandler
constructor. This will ensure that they are initialized in the static code block. - Archetype and examples for Spring now include the
spring-context-indexer
as a dependency.
Bug fixes
- Added a
logback.xml
configuration file for Spring and SpringBoot that sets the log level toERROR
. This addresses #134 to make Spring and SpringBoot applications testable with SAM Local. - Added
apiKeyId
to the request identity model to address #136. - New whitelist for hosts, ports, and base paths (#138). For applications that need to dynamically generate links, we've added the ability to read the forwarded host, and port headers. To secure this, developers have to explicitly whitelist custom domain names:
LambdaContainerHandler.getContainerConfig().addCustomDomain("api.myserver.com");