Content

• Add API browsing module with support for Swagger UI, Redoc and Scalar (#587, #593)
• Add a new flavor to build layouts (#579)
• Generate Allow header if a framework is called with the wrong HTTP method (#589)
• Emit Content-Language header for localized content (#588)

Bug Fixes

• Fix Kestrel declining request with a body of more than 30 MB (#592)

Content

• Add role based authorization (#561)
• Allow to use multiple authentication methods at the same time (#563) by @Matasx
• Detect and respect the locale requested by the client (#489) by @Matasx
• Allow to add multiple segments to a layout at once (#531)
• Allow service operations to be intercepted using attributes (#573)

Thanks

• @Matasx for their feature contributions and code reviews

• Add adapter to use GenHTTP modules in ASP.NET Core (#557)
• Allow to customize serialization formats by passing options (#564)

• Add support for client certificates (mTLS) (#559)
• Enable HTTP/2 and HTTP/3 on Kestrel (#560)

General Changes

• This release removes all website rendering capabilities as announced in #496
• This release supports .NET 8 & 9, dropping support for .NET 6 & 7
• Modernize server code to match current standards (#517, #516, #515)
• Adds Kestrel as a new server engine (#526)

Content

• Adds support for Websockets (#82)
• Adds support for Open API (#436)
• Adds support for Server Sent Events (SSE) (#373)
• Allows to inspect any HTTP request generated by the server (#437)
• Adds support for YAML format (#539)
• Adds support for Zstandard compression (#494)
• Switch default error handler to generate JSON instead of HTML (#443)

What's Changed

• Improve parser tests and tracability by @Kaliumhexacyanoferrat in #499
• Fix request errors on idle connections by @Kaliumhexacyanoferrat in #501
• Simplify and clarify reverse proxy tests by @Kaliumhexacyanoferrat in #502
• Pick up forwardings from legacy headers as well by @Kaliumhexacyanoferrat in #504
• Add test extensions to easily deserialize responses by @Kaliumhexacyanoferrat in #505
• Add bearer authentication concern by @Kaliumhexacyanoferrat in #506

Full Changelog: v8.5.0...v8.6

What's Changed

• Fix concurrent requests causing the server to always return an internal server error by @Kaliumhexacyanoferrat in #495
• Reduce write calls and optimize memory handling by @Kaliumhexacyanoferrat in #497
• Fix the server not gracefully closing a connection after a keep-alive timeout by @Kaliumhexacyanoferrat in #498

Full Changelog: v8.4.0...v8.5.0

What's Changed

• Add minification module by @Kaliumhexacyanoferrat in #484
• Add support for chunked encoded request bodies by @Kaliumhexacyanoferrat in #486
• Make request parser more fault tolerant by @Kaliumhexacyanoferrat in #487
• Enable sub routes for web service methods returning IHandler / IHandlerBuilder instances by @Kaliumhexacyanoferrat in #490
• Prefer non-wildcard routes over wildcard ones if multiple routes match by @Kaliumhexacyanoferrat in #491

Full Changelog: v8.3.0...v8.4.0

What's Changed

• Add web-based authentication by @Kaliumhexacyanoferrat in #468
• Further reduce allocations by @Kaliumhexacyanoferrat in #477
• Various performance improvements by @Kaliumhexacyanoferrat in #482

Full Changelog: v8.2.0...v8.3.0

What's Changed

• Fix new code smells reported by Sonar by @Kaliumhexacyanoferrat in #446
• Clarify documentation on how the root handler works by @Kaliumhexacyanoferrat in #449
• Allow simple types to be read from body by @Kaliumhexacyanoferrat in #445
• Allow to pass serialization and injection factories for web services by @Kaliumhexacyanoferrat in #460
• Fix method handler being unable to unwrap derived task instances by @Kaliumhexacyanoferrat in #464
• Add additional content types by @Kaliumhexacyanoferrat in #465
• Rework how field-based parameters are serialized and deserialized by @Kaliumhexacyanoferrat in #467

Full Changelog: v8.1.0...v8.2.0