v0.8.6

What's Changed

• Framework size optiomization, small refactoring and polishing by @RomanEmreis in #165
• Add fuzz testing for router and OpenAPI by @RomanEmreis in #166
• Middleware perf tuning by @RomanEmreis in #167

Full Changelog: 0.8.5...0.8.6

v0.8.5

What's Changed

• OpenAPI: per-status response config + RFC 7807 problem+json support by @RomanEmreis in #162
• Global Error Handler and hot-path optimizations by @RomanEmreis in #163
• Nested Route Groups by @RomanEmreis in #164

Full Changelog: 0.8.4...0.8.5

v0.8.4

What's Changed

• HTTP headers updates by @RomanEmreis in #158
• Open API integration by @RomanEmreis in #159

Full Changelog: 0.8.3...0.8.4

v0.8.3

What's Changed

• Tightened WebSocket handshake validation (method checks, header token parsing, HTTP/2 :protocol enforcement)
  and ensured only negotiated subprotocols are echoed in responses.
• Added graceful close attempts when recv/send fails during WebSocket message handling.
• Introduced WsEvent<T> for split WebSockets to distinguish data messages from close events.
• Made WebSocket::recv<T> data-only; ping/pong and close frames are handled internally.
• Centralized raw message receiving to avoid parsing control frames as application data.
• Implemented best-effort close handshakes with proper error filtering for expected disconnects.
• Added protocol invariants (debug_assert!) for unexpected raw frames.
• Updated SSE message handling to store multiple fields while preserving replace semantics for data/event/id/retry and allowing dynamic comments, plus fixed append to split multi-line data correctly.
• Expanded SSE response headers to include charset, keep-alive, and proxy buffering control, with tests updated to match.
• Added SseStream that implements IntoResponse, and can be created from Message by calling once/repeat methods.
• Added implementations of async-stream for SSE and byte stream responses;
• Added zero-cost incoming HTTP body stream extractor
• Relaxed requirements for middleware and handler args, they no longer needed to be Sync.
• Relaxed requirements for stream and box bodies, they no longer needed to be Sync.

PRs

• WebSocket improvements by @RomanEmreis in #153
• SSE Improvements by @RomanEmreis in #154
• New async stream macro, helpers and extractors by @RomanEmreis in #155
• SSE improvements + relaxed Sync requirements for middleware and handl… by @RomanEmreis in #156

Full Changelog: 0.8.2...0.8.3

v0.8.2

What's Changed

• Ability to override TCP Listener by @RomanEmreis in #149
• HEAD request handling improvements by @RomanEmreis in #150
• FromPayload improvements by @RomanEmreis in #151
• Add Token Bucket and GCRA rate limiting algorithms by @RomanEmreis in #152

Full Changelog: 0.8.1...0.8.2

v0.8.1

What's Changed

• Made CI/CD pipeline idempotent + added missing volga-rate-limiter by @RomanEmreis in #142
• added workflow-dispatch by @RomanEmreis in #143
• added github pr/issue templates, security,coc and contrib by @RomanEmreis in #144
• HTTP/RFC compliance by @RomanEmreis in #145
• HttpBody improvements by @RomanEmreis in #146
• Performance Improvements by @RomanEmreis in #147
• Security Improvements by @RomanEmreis in #148

Changelog

• Updated HttpBody::json/form to return Result so serialization errors surface instead of being embedded into the body, and added an Error conversion for serde_urlencoded failures.
• Response helper macros now propagate JSON/form serialization errors, and problem-details responses match on HttpBody::json to return Err on failure.
• Added explicit ok!(text: ... )/ok!(fmt: ...) and status!(text: ... )/status!(fmt: ... ) macros for text/plain responses and documented them alongside existing ok!/status! examples.
• Removed unnecessary boxing for HttpBody::full, HttpBody::json and HttpBody::form
• Added additional methods: HttpBody::text, HttpBody::from_static, HttpBody::from_static_text, HttpBody::from_str and HttpBody::from_slice for better control.
• Improved performance for all producing response macros and IntoResponse implementations.
• Improved overall extractors' performance + added additional validation for the cases when mixed Path with NamedPath and positional arguments.
• Added cached query-like path string handling for PathArgs, including into_parts/from_parts, and preserved the cache when cloning to reduce recomputation in extractor/middleware flows.
• Switched route/allow header internals to Arc<str> and cached Allow values on route nodes to avoid recomputing 405 headers, plus simplified HSTS formatting to avoid intermediate allocation.
• Added cached query-arg parsing in HttpRequest/HttpRequestMut to reduce repeated query parsing across extractors.
• Added decompression safety limits (max compressed/decompressed bytes and expansion ratio) with streaming enforcement, default limits, and app-level configuration; resolved limits are now stored in AppInstance and provided via request extensions to middleware.
• Hardened static file handling by canonicalizing requested paths to block traversal, showing relative directory paths, and hiding size/mtime metadata in release listings; added warnings for risky HostEnv settings.
• Restricted rate-limit IP extraction to trusted proxies when honoring Forwarded/X-Forwarded-For, added trusted-proxy configuration on App, and updated tests accordingly.

Full Changelog: 0.8.0...0.8.1

v0.8.0

What's Changed

• Added an accepted and created macros by @RomanEmreis in #131
• Rate Limiting by @RomanEmreis in #132
• Improvements for integration tests by @RomanEmreis in #133
• Backpressure & limits by @RomanEmreis in #135
• Refactor HSTS and Tracing by @RomanEmreis in #136
• Improve CORS Middleware: Correct Preflight Handling & Precomputed Headers by @RomanEmreis in #137

Breaking Changes

• Route Group API redesign #132
• Removed ResponseContext and Results helper types to better align with the current API model.
• Reduced the public surface of HttpContext and HttpRequest to prevent bypassing framework invariants.
• Introduced HttpRequestMut, allowing controlled and limited mutation of HttpRequest in tap_req() and wrap() middlewares.
• Removed into_boxed_body, into_body_stream, and into_boxed_unsync_body from HttpRequest.
• Reduced the public surface of HttpResponse, further decoupling it from the underlying HTTP implementation.
• Introduced a core HttpResponseBuilder, accessible via HttpResponse::builder().
• Consolidated HTTP header manipulation into a single, consistent, and type-safe API.
• Renamed the custom_headers! macro to headers!.
• Removed use_hsts and use_tracing as they are no longer needed.
• Removed dependency from middleware feature for the tls and tracing features.
• Renamed with_cache_control middleware to cache_control for routes and route groups.
• use_cache_control middleware replaced with the with_cache_control builder-like configuration that precomputes a Cache-Control HTTP header which will be set if it's not present.
• exclude_hosts: replaced Vec<&'static str> with Vec<String> using a flexible builder API; runtime is_excluded works directly without extra slices or allocations.

Full Changelog: 0.7.3...0.8.0

v0.7.3

What's Changed

• Correted docs by @RomanEmreis in #128
• Updated dependencies by @RomanEmreis in #129
• Problem details updates by @RomanEmreis in #130

Full Changelog: 0.7.2...0.7.3

v0.7.2

What's Changed

• Routing performance improvements by @RomanEmreis in #127

Full Changelog: 0.7.1...0.7.2

v0.7.1

What's Changed

• HttpRequest improvements for middlewares by @RomanEmreis in #126

Full Changelog: 0.7.0...0.7.1