8.2.0

Breaking changes

• Some security fixes for Giraffe - Credits @Thorium
  • New handlers added to improve security aspects, like safeRedirectTo, safeRedirectToExt, validateCsrfTokenExt and more. Those deal with:
    • URL validation in redirectTo to prevent cross-site scripting (XSS)
    • Cross-Site Request Forgery (CSRF) token validation helpers
  • XML serializer's Deserialize<'T>(xml: string) method now uses a configuration to prevent XXE attacks.
• Remove [<AllowNullLiteral>] attribute from Json.ISerializer and Xml.ISerializer - Credits @64J0
  • With the release of .NET 9 we have nullable reference types.
  • When this feature is enabled (<Nullable>enable</Nullable>), our users started running into problems that boils down to Json.ISerializer having the AllowNullLiteral attribute.
  • Due to it, we decided to remove this attribute from both the Json.ISerializer and the Xml.ISerializer.
    • New automated tests were added to assert that the serializers are still working properly.
    • We also updated some sample projects to use this feature.

Other updates

• Remove Obsolete from redirectTo - Credits @kerams
• Could we avoid allocation of UTF8 byte array? - Credits @Thorium
• Update fsharp-analyzers and the analyzer packages - Credits @Numpsy
• Improve JSON docs - Credits @64J0
• Add issue templates - Credits @64J0
• Enhance routef support for named parameters and improve documentation - Credits @RJSonnenberg
• Fix assembly version
• Add GitHub dependabot configuration - Credits @64J0
• Add global rate limiting sample - Credits @64J0
• Add OpenApi section to the documentation - Credits @64J0
• Add AssemblyVersion attribute - Credits @64J0
• Add more links - Credits @64J0
• Code scanning fix patches - Credits @64J0
• Add .NET 9 as target framework, fine-tune dependabot, update CI and clean tests removing .NET 6/7 from target frameworks - Credits @64J0
• [Alpha] Add Endpoint routing functions ...WithExtensions - Credits @64J0

8.2.0-alpha-002

• Remove Obsolete from redirectTo - Credits @kerams

8.2.0-alpha-001

Breaking changes

• Some security fixes for Giraffe - Credits @Thorium
  • New handlers added to improve security aspects, like safeRedirectTo, safeRedirectToExt, validateCsrfTokenExt and more. Those deal with:
    • URL validation in redirectTo to prevent cross-site scripting (XSS)
    • Cross-Site Request Forgery (CSRF) token validation helpers
  • XML serializer's Deserialize<'T>(xml: string) method now uses a configuration to prevent XXE attacks.
  • redirectTo handler now marked as Obsolete.

Other updates

• Could we avoid allocation of UTF8 byte array? - Credits @Thorium

8.1.0-alpha-001

Breaking changes

• Remove [<AllowNullLiteral>] attribute from Json.ISerializer and Xml.ISerializer - Credits @64J0
  • With the release of .NET 9 we have nullable reference types.
  • When this feature is enabled (<Nullable>enable</Nullable>), our users started running into problems that boils down to Json.ISerializer having the AllowNullLiteral attribute.
  • Due to it, we decided to remove this attribute from both the Json.ISerializer and the Xml.ISerializer.
    • New automated tests were added to assert that the serializers are still working properly.
    • We also updated some sample projects to use this feature.

Other updates

• Update fsharp-analyzers and the analyzer packages - Credits @Numpsy
• Improve JSON docs - Credits @64J0
• Add issue templates - Credits @64J0

8.0.0-alpha-003

• Enhance routef support for named parameters and improve documentation - Credits @RJSonnenberg

8.0.0-alpha-002

• Fix assembly version

8.0.0-alpha-001

With this release, we're improving the codebase a bit by fixing warnings triggered by Ionide.Analyzers, and adding .NET 9 as a target framework to the project.

Other than that, we're adding new router functions for the EndpointRouting module which will let the user interact with Giraffe's ConfigureEndpoint directly. This will let you use Asp.Net extensions directly, like rate limiting, response caching, etc. Just remember its type definition:

type ConfigureEndpoint = IEndpointConventionBuilder -> IEndpointConventionBuilder

And here we have the list of PRs related to this release:

• Add GitHub dependabot configuration - Credits @64J0
• Add global rate limiting sample - Credits @64J0
• Add OpenApi section to the documentation - Credits @64J0
• Add AssemblyVersion attribute - Credits @64J0
• Add more links - Credits @64J0
• Code scanning fix patches - Credits @64J0
• Add .NET 9 as target framework, fine-tune dependabot, update CI and clean tests removing .NET 6/7 from target frameworks - Credits @64J0
• [Alpha] Add Endpoint routing functions ...WithExtensions - Credits @64J0

7.0.2

• Moar fantomas - Credits @nojaf
  • Format all F# source code using fantomas.
  • Started checking the samples/, tests/ and src/ contents to know if they are complying with fantomas format.
• HandleOptionGracefullyAnalyzer for ETag and Last-Modified at Preconditional.fs - Credits @64J0
• feat: add request limits on accept, content-type, and content-length headers - Credits @stijnmoreels
  • Add request guards/limitation on:
    • Accept header
    • Content-Type header
    • Content-Length header
• Add maintainers info - Credits @nojaf
• Fix ReadBodyFromRequestAsync disposing ctx.Request.Body - Credits @64J0

7.0.2-alpha-002

• Add maintainers info - Credits @nojaf
• Fix ReadBodyFromRequestAsync disposing ctx.Request.Body - Credits @64J0

7.0.2-alpha-001

• Moar fantomas - Credits @nojaf
  • Format all F# source code using fantomas.
  • Started checking the samples/, tests/ and src/ contents to know if they are complying with fantomas format.
• HandleOptionGracefullyAnalyzer for ETag and Last-Modified at Preconditional.fs - Credits @64J0
• feat: add request limits on accept, content-type, and content-length headers - Credits @stijnmoreels
  • Add request guards/limitation on:
    • Accept header
    • Content-Type header
    • Content-Length header