github tokio-rs/axum axum-v0.6.0-rc.2
axum - v0.6.0.rc.2

2 years ago

Security

  • breaking: Added default limit to how much data Bytes::from_request will
    consume. Previously it would attempt to consume the entire request body
    without checking its length. This meant that if a malicious peer sent a large
    (or infinite) request body, your server might run out of memory and crash.

    The default limit is 2 MB and can be disabled by adding the new
    DefaultBodyLimit::disable() middleware. See its documentation for more
    details.

    This also applies to these extractors which used Bytes::from_request
    internally:

    • Form
    • Json
    • String

    Thanks to Shachar Menashe for reporting this vulnerability.

    (#1346)
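
The capped read this entry describes, as an added std-only Rust model (not axum's code): the declared length is rejected up front, and the running total is still checked per chunk because the length may be absent or understated. `read_body`, `BodyError` and `DEFAULT_LIMIT` are hypothetical names, and the 2 MB default is assumed to mean 2 * 1024 * 1024 bytes.

```rust
// Added illustration (std only): a model of a capped body read, not axum's implementation.
// DEFAULT_LIMIT, BodyError and read_body are hypothetical names for this example.

/// The page's 2 MB default, taken here as 2 * 1024 * 1024 bytes (assumption).
pub const DEFAULT_LIMIT: usize = 2 * 1024 * 1024;

#[derive(Debug, PartialEq)]
pub enum BodyError {
    /// Declared Content-Length already exceeds the limit: reject before reading.
    DeclaredTooLarge { declared: usize, limit: usize },
    /// The stream exceeded the limit while being read (length absent or understated).
    StreamTooLarge { limit: usize },
}

/// Buffer a body delivered as chunks, never holding more than `limit` bytes.
/// `content_length` is the peer-supplied header value, if any; it is untrusted,
/// so the running total is still checked on every chunk.
pub fn read_body<I>(chunks: I, content_length: Option<usize>, limit: usize) -> Result<Vec<u8>, BodyError>
where
    I: IntoIterator<Item = Vec<u8>>,
{
    if let Some(declared) = content_length {
        if declared > limit {
            return Err(BodyError::DeclaredTooLarge { declared, limit });
        }
    }
    let mut body = Vec::new();
    for chunk in chunks {
        // Check before appending so the buffer never grows past the limit.
        if chunk.len() > limit - body.len() {
            return Err(BodyError::StreamTooLarge { limit });
        }
        body.extend_from_slice(&chunk);
    }
    Ok(body)
}

fn main() {
    // Constructed input: an endless stream of 64 KiB chunks with no Content-Length.
    let endless = std::iter::repeat(vec![0u8; 64 * 1024]);
    println!("{:?}", read_body(endless, None, DEFAULT_LIMIT));

    // Constructed input: a small JSON body that fits under the limit.
    let small = vec![b"{\"ok\":".to_vec(), b"true}".to_vec()];
    println!("{:?}", read_body(small, Some(11), DEFAULT_LIMIT).map(|b| b.len()));
}
```

Without the per-chunk check, the endless stream in `main` would grow the buffer until the process ran out of memory, which is the failure the entry describes.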

Routing

  • breaking: Adding a .route_layer onto a Router or MethodRouter
    without any routes will now result in a panic. Previously, this just did
    nothing. (#1327)

Middleware

  • added: Add middleware::from_fn_with_state and
    middleware::from_fn_with_state_arc to enable running extractors that require
    state (#1342)
