# Changelog

## Version 3.6.2
- Expose `new_ssl` feature for `rustls` support from `tiny-http`.
- Switch to `sha1-smol` for a smaller footprint, more stable hash library.
- Remove dependency on `num_cpus` using `std::thread::available_parallelism` instead.

## Version 3.6.1

Reverts [Added a number of default features](https://github.com/tomaka/rouille/pull/254) as it breaks any downstreams 
who were specifying `default-features = false`.

## Version 3.6.0
- Added [`rustls`](https://github.com/rustls/rustls) support (via `tiny-http`), if you're currently using the `ssl` feature
  you can switch from OpenSSL to Rustls by instead enabling the `rustls` feature in your `Cargo.toml`.
- [Added a number of default features](https://github.com/tomaka/rouille/pull/254) to allow users to reduce
  their dependency graph where they don't need all the functionality Rouille provides. `logging`, `assets`,
  `post` and `session` are now optional, but enabled by default for backwards compatibility.
- [Correctly support 'flag' type query parameters](https://github.com/tomaka/rouille/pull/259) where the parameter has no
  associated value. Previously a query like `GET /?foo` would return `None` from `get_param`, instead of `Some("")`.
- Updated `tiny-http` to 0.12.0, further reducing the dependency tree by breaking our hard requirement on `time-rs`. This
  version of `tiny-http` also enables Unix socket listeners, which will be exposed in a future release of Rouille.

## Version 3.5.0
- Replaced our use of the `brotli2` crate with the alternative pure Rust implementation
  [`brotli`](https://github.com/dropbox/rust-brotli). This removes Rouille's vulnerability to
  [RUSTSEC-2021-0131](https://rustsec.org/advisories/RUSTSEC-2021-0131.html), which existed due to `brotli-sys`
  bundling a vulnerable version of the underlying C library.
- Unpinned `time-rs` and as a result increased our MSRV to 1.51, we don't have a formal MSRV policy and the ecosystem
  is making it more and more difficult to support compiler versions more than about 6 months old.

## Version 3.4.0
- Resolved a number of cleanup & refactoring TODOs
- Correctly identify non-lowercase content types as text (e.g. `text/JSON`
  would be incorrectly identified as non-text).
- Pinned `time-rs` to 0.3.2 to avoid a semver-breaking change in their MSRV.
- Bumped `chrono` to 0.4.19 and disabled their default feature set to avoid
  warnings about `RUSTSEC-2020-0071` (Rouille was never vulnerable, but used a
  vulnerable version of `chrono`).

## Version 3.3.1
- Use `.strip_prefix` in place of `.starts_with` where appropriate, this stops a Clippy lint from
  leaking out of our `router!` macro and into downstream code.

## Version 3.3.0
- Bumped minimum supported Rust version to 1.48
- Added module-level documentation for `rouille::content_encoding`
- Updated `time` dependency to `0.3` and `postgres` to `0.19` to fix a compile failure due to a yanked version of
  `sha1`.
- Fixed numerous typos in the crate documentation.

## Version 3.2.1

- Removed unused dependency `term` and updated `rand`, `multipart`, `deflate`
  and `time` to latest supported versions.

## Version 3.2

- Add `ResponseBody::from_reader_and_size` for constructing a `ResponseBody`
  from a `Reader` and an already known size such that `Content-Length` may be
  set on the response.

## Version 3.1.1

- Replace all uses of deprecated `try!` with `?` to suppress warnings that can
  leak out of macro contexts.

## Version 3.1.0

- Add `Server::poll_timeout()` for polling more efficiently.
- Add `Server::stoppable()` for running a single, cancellable server thread.
- Add `Server::join()` for finalising all in-flight requests before shutting down.
- [Prevent infinite loop on Websocket EOF](https://github.com/tomaka/rouille/pull/212)
- Update `tiny-http` to 0.8.1 containing fixes for:
  - HTTPS deadlock where one request holds a locked resource while another is
    attempting HTTPS negotiation
  - Fix [RUSTSEC-2020-0031](https://rustsec.org/advisories/RUSTSEC-2020-0031.html)
  - Don't set `Transfer-Encoding: chunked` on 1xx or 204 responses (which can lead
    to clients hanging).
- Bump minimum support Rust version to 1.41.1

## Version 3.0.0

- Bump minimum supported Rust version to 1.34.2
- embedded, exposed `url` version increased to 2.0
- Don't use deprecated `Error::description()`

## Version 2.2.0

- Bump minimum supported Rust version to 1.20.0.
- Expose that the `Request` body (accessible with `request.data()`)
  has a `Send` bound.

## Version 2.1.0

- Replace `flate2` with `deflate`
- Fixed handling of url-encoded path components in route!() macro.
  Previously, URL was eagerly decoded and thus would fail to match
  intended routes if special characters were used (such as ? or /).
  Now, individual matched components are decoded after matching.
- Added `Response::empty_204`.
- Added ssl feature and new_ssl constructor to Server, for https
  support. The certificate and private key must be supplied by user.

## Version 2.0.0

- Dropped the use of [rustc-serialize](https://crates.io/rustc-serialize)
  in favor of using [serde](https://crates.io/serde).
- Updated `multipart` to 0.13. The `input::multipart::get_multipart_input` function returns
  types reexported from `multipart` which have small but breaking API changes.
- Update `Server` with an option to use a thread pool to process requests

## Version 1.0.0

- `input::cookies` changed to return an iterator that yields `(&str, &str)`.

## Version 0.4.2

- The `content_encoding` module now supports brotli.
- Added an `accept!` macro similar to a `match` expression that chooses a block depending on the
  value of the `Accept` header of the request.
- Added `proxy::full_proxy`. It behaves the same as `proxy` but returns more status codes and less
  errors.
- Added `Response::from_data`, `from_file`, `with_content_disposition_attachment`, `empty_406`,
  `with_public_cache`, `with_private_cache`, `with_no_cache`, `without_header`,
  `with_additional_header` and `with_unique_header` for easier response manipulation.
- Added `Request::headers()` that provides an iterator to the list of headers.
- Added `input::priority_header_preferred` and `input::parse_priority_header` to easily parse
  request headers such as `Accept` or `Accept-Language`.
- MIME types that contain "font" are now also compressed by the `content_encoding` module.
- Changed `text/xml` to `application/xml` in the MIME types auto-determination.

## Version 0.4.1

- Added a `Server` struct as an alternative to `start_server` for manual control over the behavior.
- Added a `content_encoding::apply` function that applies `Content-Encoding` to a response.
- The `try_or_400!` macro now returns a response whose body describes the error in JSON.
- The `try_or_400!` macro now requires the error to implement the `std::error::Error` trait.

## Version 0.4.0

- Added support for websockets with the `websocket` module.
- Added `Request::do_not_track()` to query the DNT header.
- Renamed `get_json_input()` to `json_input()`.
- Renamed `get_cookies()` to `cookies()`.
- Renamed `get_basic_http_auth()` to `basic_http_auth()`.
- The logs now show the time of the start of the request processing.
- `Request::header()` now returns a `Option<&str>` instead of `Option<String>`.
- `Response::svg()` and `Response::html()` now take a `Into<String>` instead of a `Into<Vec<u8>>`.
- Renamed `Response::error()` and `success()` to `is_error()` and `is_success()`.
- The `headers` field of `Response` are now `Vec<(Cow<'static, str>, Cow<'static, str>)>` instead
  of `Vec<(String, String)>`.
- Removed `Response::redirect` and replaced it with `redirect_301`, `redirect_302`, etc.
- Added `Response::with_etag()` to add an ETag header to a response.
- Added an `upgrade` field to `Response`, necessary for websockets.
- Fixed being able to set the value of the Content-Length and Transfer-Encoding headers.
- `plain_text_body` now has a limit of 1 MB of data before returning an error.
- Added `plain_text_body_with_limit` which does the same as `plain_text_body` but with a
  customizable limit.
- Implemented the `std::error::Error` trait on all error types.
- Added `Response::into_reader_and_size()` to retrieve a `Read` object from a `ResponseBody`.
- Fixed issue with static files not being found on Windows because of `/` and `\` mismatch.

## Version 0.3.3

- Added the `proxy` module with basic reverse proxy.

## Version 0.3.2

- Added the `rouille::input::plain_text_body` function.

## Version 0.3.1

- Empty Vecs are now allowed for POST input.

## Version 0.3.0

- Reworked POST input. You can now use the `post_input!` macro instead of creating a decodable
  struct.
- Removed the `input::session` module and replaced it with the `session` module. Sessions no longer
  store data in a hashmap, but instead only provide a way to generate a unique ID per client.

## Version 0.2.0

- Fixed the `+` character in the query string not being replaced with a space as it should.
- `Request::data()` now returns an `Option<impl Read>` instead of a `Vec<u8>`. If `data()` is
  called twice, the second call will return `None`.
- `RouteError` has been removed. You are now encouraged to return a `Response` everywhere instead
  of a `Result<Response, RouteError>`.
- The `try_or_400!`, `find_route!` and `assert_or_4OO!` macros and the `match_assets` function have
  been adjusted for the previous change.
- Added a `try_or_404!` macro similar to `try_or_400!`.
- In the case of a panic, the response with status code 500 that the server answers now contains a
  small text in its body, indicating the user that an internal server error occured.
- Added `Response::empty_400()`, `Response::empty_404()`, `Response::success()` and
  `Response::error()`.