Release 1.0.1

Release 1.0.1 to address critical Jackson vulnerability CVE-2018-5968. All Jackson dependencies were bumped to version 2.9.4.

To address these type of issues going forward, we scheduled a daily build with Travis.

Release 1.0

The 1.0 release of Serverless Java Container includes major updates to the Jersey and Spring versions as well as a number of bug fixes and performance improvements:

New features

• New maven archetypes to generate simple projects. Take a look at our quick start guides.
• Added request logging in Apache Combined format with a customizable LogFormatter interface
• new streamProxy method to simplify Lambda handler creation:

@Override
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context)
        throws IOException {
    handler.proxyStream(inputStream, outputStream, context);
}

Framework updates

• Added support for Jersey version 2.26 (JAX-RS 2.1 specifications)
• Added support for Spring 5.0.3 and Spring Boot 1.5.9

Performance improvements

• Moved from ObjectMapper to specific ObjectReader and ObjectWriter in handler class
• Changed all date formatting and parsing to use the new java.time package
• Added caching of parameter maps and sets in AwsProxyHttpServletRequest
• Added caching of base URIs for Jersey implementation

Bug fixes

• Switched from FindBugs to SpotBugs
• getSessionId in servlet request returns null instead of throwing unsupported operation exception. All other session-access method log a warning. Create session throws unsupported operation exception
• Fix an issue with request include and forward that prevented the processing from completing
• Fix an issue with request date headers to return the correct value when the header is not populated

Release 0.9.1

Patch release to address the base path stripping issue for Jersey highlighted in #112. Also added unit tests and log warning messages to ensure expected behavior for #111.

Release 0.9

This is a major release of the library with new features, changes - some breaking, and fixes. To get started with this latest release, follow the documentation on the project's wiki.

New features, changes, and enhancements

• We moved the Jersey implementation of the library to use HttpServletRequest and HttpServletResponse behind the scenes. This allows us to inject all servlet objects as @Context properties. (#62)
• Moved model package out of internal and under com.amazonaws.serverless.proxy. Also moved classes that implementations/deployments can extend out of the internal package to the proxy package (#83):
  • ExceptionHandler
  • RequestReader
  • ResponseWriter
  • SecurityContextWriter
  • AwsProxySecurityContextWriter
• Removed redundant ObjectMapper declarations to reduce cold start time. Instead we moved to a single, static ObjectMapper in the LambdaContainerHandler abstract class (#91).
• Updated all samples to use the RequestStreamHandler interface to support JSON annotations in event models. Also updated the documentation and moved it to the wiki (#89).
• Added configuration parameters to decide whether the API Gateway stage and/or the stripped base path should be included in the servlet context path. Also updated the wiki documentation of the ContainerConfig object (#84).
• Added Spring profiles support in Spring Boot handler (#88).
• Added FindBugs with the security plugin to the build process - build fails if all potential bugs are not addressed (#100).

Bug fixes

• Solved bug that caused query string and path parameters to appear multiple times in a servlet request (#86).
• Solved error log when no valid appenders for SLF4J were found (#80).

Release 0.8

Release 0.8 includes the following changes:

• Upgraded Spark Framework to version 2.7.1.
• New handler class for Spring Boot applications (#65).
• Added CognitoUserPoolPrincipal that allows access to all of the claims included in the Cognito User Pool tokens (#55).
• Update to filters processing. The framework now handles the request inside the filter chain. This makes it easier to halt the request processing should a filter require it.
• Various bug fixes and new unit tests.

Include the library as a dependency in your Java project by replacing the xxxxxx below with the framework you want to you - jersey, spark, or spring:

<dependency>
    <groupId>com.amazonaws.serverless</groupId>
    <artifactId>aws-serverless-java-container-xxxxxx</artifactId>
    <version>0.8</version>
</dependency>

Release 0.7

This release includes upgrades and a few bug fixes

• Upgraded Spark support to version 2.6.0 - this is not backward-compatible with Spark 2.5.x, between the two releases there were breaking changes in the embedded server interfaces
• Fixed issue with URL encoding of path and query string parameters - The library now tries to decode the path and query string values passed by API Gateway.
• Added new uriEncoding property to the ContainerConfig object - By default the value for this property is set to UTF-8. The framework uses the configured charset to url decode request properties. All LambdaContainerHandler implementations exposed a method to access the config and change its values.
• The library can now group multiple Set-Cookie headers in a single header as a comma-separated list - This is because API Gateway only supports a single header per key. This behavior can be configured in the ContainerConfig object. RFC2109 specifies this behavior although it is still not supported by all browsers.
• Fixed a bug that caused servlet filters to be executed only for the first request.
• Fixed a bug that caused the Expires and MaxAge properties to be incorrectly populated in Set-Cookie headers.

Release 0.6

Addressed multiple issues and integrated slf4j-api for logging.

Release 0.5.1

This release addresses two issues:

• Fixes support for Spark 2.5.3 - The issue was created by the Servlet Filter implementation included in 0.5. See issue #40
• Fixes principal name for APIs configured with AWS_IAM auth - Changed the behavior of the getName method of a principal in the AwsProxySecurityContext to return the Cognito ID if present in the request, otherwise the user ARN. See issue #43

Release 0.5

New features

• Support for Cognito User Pool authorizers
• RequestDispatchers for Spring MVC applications
• Jersey injection of ServletContext and ServletResponse
• Ability to strip base path mappings when configured with a custom domain name

Bug fixes

• Support for multipart/form data binary payloads
• URL encoding in servlet implementation