Release 1.2

New major release with bug fixes, new features, and Struts 2 support!

We received a lot of support from the community for this release - all contributors are mentioned next to the feature/issue they worked on. Thank you all!

New features

• Support for the Apache Struts framework including an archetype: aws-serverless-struts2-archetype. Take a look at the quick start wiki. (#149 thank you, @jogep)
• Support for API Gateway's multi-value headers and query string parameters. You can now receive arrays of values in the query string and return multiple cookies! (#198)
• Support for pre-registered binary content types so that the framework doesn't have to test the encoding of requests. You can now call the addBinaryContentTypes(String... ct) method on the ContainerConfig object to ensure the specified content types are always treated as binary. By default, the ContainerConfig object registers application/octet-stream, image/jpeg, image/png, and image/gif as binary (#191 thank you, @billrobertson42)
• Override default charset when not specified in a request Content-Type. By default, the HTTP specs assume ISO-8859-1 as charset. You can now call the setDefaultContentCharset() of the ContainerConfig object to override this (#175)
• Updated version of all dependency framework to the latest version (#201):
  • Jersey 2.26 -> 2.27
  • Spark 2.7.2 -> 2.8.0 (thank you, @jschwartz73)
  • Spring 5.0.7.RELEASE -> 5.1.1.RELEASE
  • SpringBoot 1.5.9.RELEASE -> 1.5.17.RELEASE

Bug fixes

• Resolved NullPointerException when trying to access non-existent query string parameters in Spark (#168)
• Resolved NullPointerException when trying to access remote address and the event object does not contain the context or identity objects. System now defaults to 127.0.0.1 if the value is not populated in the event (#182)
• Fixed setCharacterEncoding method in servlet response. It was erroneously setting the Content-Encoding header. This has now been fixed to append the charset property to the Content-Type header (#188 thank you, @larmog)
• Fixed encoding of request URI for Jersey implementation. The library generated the ContainerRequest object using the getPathInfo() method from the servlet request, which contained decoded parameters. Changed this to use the getRequestURI() method. (#200)
• Resolved IllegalArgumentException when processing multipart forms. The exception was thrown by the file path security validation method when applied to the file name on the multi-part form. (#205 thank you, @tjordahl)

Other changes

• Moved archetypes to root of package to prevent build failures when calling maven package in specific archtype (#185 thank you, @norris-shelton)
• Removed need to close the output stream explicitly. The stream is now owned by the proxyStream method (#183)
• Added integration tests for archetypes and parameterized the dependency versions in the pom.xml to make sure we don't publish an archetype out of step again (#178)
• Updated Jackson dependency version in all packages and samples to 2.9.7 to address CVE-2018-7489 (#201)

Release 1.1.4

Patch release:

• Addresses the null query string issue reported in #168
• Switched Spring and SpringBoot archetypes to use the @Import annotation rather than @ComponentScan

Release 1.1.3

Bug fix release to address an issue with Spring mapping List<String> from query string parameters reported in #162

Release 1.1.2

Bug fix release that addresses a recent issue with frameworks trying to access a null query string parameters map.

Release 1.1.1

Bug fix release with the following changes:

• Fix in encoding settings for content type header (#150)
• Fix to make header names non case sensitive (#150)
• Fix getParameterValues() method in AwsProxyHttpServletRequest to return null when no values are available (#156)
• Fixed issue with requests to the root resources (/) that were not routed correctly by Spark (#151)
• Fixed parameter and url encoding behavior to match API Gateway's proxy behavior - expect all parameter values and path in the proxy event to be url-decoded. The framework now re-url-encodes values before passing them on to the underlying framework (#146)

Release 1.1

Version 1.1 includes new performance improvements and bug fixes.

Performance improvements

• All setup code has been moved to the static initializer method. If you follow the instructions in our documentation and archetypes to include the handler creation code in a static block you will see a drop in cold start latency.

private static SpringBootLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
static {
    try {
        handler = SpringBootLambdaContainerHandler.getAwsProxyHandler(Application.class);
    } catch (ContainerInitializationException e) {
        e.printStackTrace();
    }
}

• When using Spring profiles, we have added a new static method that receives a ConfigurableWebApplicationContext as well as a vararg list of profile names. Using this method will ensure that the application is initialized only once with the correct profile.

AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
applicationContext.register(PetStoreSpringAppConfig.class);
handler = SpringLambdaContainerHandler.getAwsProxyHandler(applicationContext, "profile-1", "profile-2");

• Setting profiles after the handler is initialized using the activateSpringProfiles method will cause the Spring context to reload and slow down the following request.
• Behind the scenes we moved the initialization of ObjectMapper, ObjectReader, and ObjectWriter to the LambdaContainerHandler constructor. This will ensure that they are initialized in the static code block.
• Archetype and examples for Spring now include the spring-context-indexer as a dependency.

Bug fixes

• Added a logback.xml configuration file for Spring and SpringBoot that sets the log level to ERROR. This addresses #134 to make Spring and SpringBoot applications testable with SAM Local.
• Added apiKeyId to the request identity model to address #136.
• New whitelist for hosts, ports, and base paths (#138). For applications that need to dynamically generate links, we've added the ability to read the forwarded host, and port headers. To secure this, developers have to explicitly whitelist custom domain names:

LambdaContainerHandler.getContainerConfig().addCustomDomain("api.myserver.com");

• Fixed query string encoding in Jersey (#140)
• Using body input stream instead of event body for form parameters (#141)
• Bumped Jackson dependency to 2.9.5 to address critical vulnerability (#139)

Release 1.0.1

Release 1.0.1 to address critical Jackson vulnerability CVE-2018-5968. All Jackson dependencies were bumped to version 2.9.4.

To address these type of issues going forward, we scheduled a daily build with Travis.

Release 1.0

The 1.0 release of Serverless Java Container includes major updates to the Jersey and Spring versions as well as a number of bug fixes and performance improvements:

New features

• New maven archetypes to generate simple projects. Take a look at our quick start guides.
• Added request logging in Apache Combined format with a customizable LogFormatter interface
• new streamProxy method to simplify Lambda handler creation:

@Override
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context)
        throws IOException {
    handler.proxyStream(inputStream, outputStream, context);
}

Framework updates

• Added support for Jersey version 2.26 (JAX-RS 2.1 specifications)
• Added support for Spring 5.0.3 and Spring Boot 1.5.9

Performance improvements

• Moved from ObjectMapper to specific ObjectReader and ObjectWriter in handler class
• Changed all date formatting and parsing to use the new java.time package
• Added caching of parameter maps and sets in AwsProxyHttpServletRequest
• Added caching of base URIs for Jersey implementation

Bug fixes

• Switched from FindBugs to SpotBugs
• getSessionId in servlet request returns null instead of throwing unsupported operation exception. All other session-access method log a warning. Create session throws unsupported operation exception
• Fix an issue with request include and forward that prevented the processing from completing
• Fix an issue with request date headers to return the correct value when the header is not populated

Release 0.9.1

Patch release to address the base path stripping issue for Jersey highlighted in #112. Also added unit tests and log warning messages to ensure expected behavior for #111.

Release 0.9

This is a major release of the library with new features, changes - some breaking, and fixes. To get started with this latest release, follow the documentation on the project's wiki.

New features, changes, and enhancements

• We moved the Jersey implementation of the library to use HttpServletRequest and HttpServletResponse behind the scenes. This allows us to inject all servlet objects as @Context properties. (#62)
• Moved model package out of internal and under com.amazonaws.serverless.proxy. Also moved classes that implementations/deployments can extend out of the internal package to the proxy package (#83):
  • ExceptionHandler
  • RequestReader
  • ResponseWriter
  • SecurityContextWriter
  • AwsProxySecurityContextWriter
• Removed redundant ObjectMapper declarations to reduce cold start time. Instead we moved to a single, static ObjectMapper in the LambdaContainerHandler abstract class (#91).
• Updated all samples to use the RequestStreamHandler interface to support JSON annotations in event models. Also updated the documentation and moved it to the wiki (#89).
• Added configuration parameters to decide whether the API Gateway stage and/or the stripped base path should be included in the servlet context path. Also updated the wiki documentation of the ContainerConfig object (#84).
• Added Spring profiles support in Spring Boot handler (#88).
• Added FindBugs with the security plugin to the build process - build fails if all potential bugs are not addressed (#100).

Bug fixes

• Solved bug that caused query string and path parameters to appear multiple times in a servlet request (#86).
• Solved error log when no valid appenders for SLF4J were found (#80).