- Optimize cookie parsing by 10x (10x faster, 10x less memory) on Erlang/OTP 26+
- Support x-forwarded-for in Plug.RewriteOn
- Support MFArgs in Plug.RewriteOn
- Add immutable directive to versioned requests in Plug.Static
- Support disabling MIME type handling in Plug.Static
- Fix bug with discarded connection state in Plug.Debugger
- Parse media types with underscores in them
- Do not crash on max_age set to nil (for consistency)
- Allow setting the port on the connection in tests
- Allow returning {:ok, payload} on inform
- Allow custom exceptions in validate_utf8 option
- Allow skipping sent body on chunked replies
- Add :assign_as option to Plug.RequestId
- Improve performance of Plug.RequestId
- Avoid clashes between Plug nodes
- Add specs to Plug.BasicAuth
- Fix a bug with non-string _method body parameters in Plug.MethodOverride
- Relax requirement on plug_crypto
- Add Plug.Conn.get_session/3 for default value
- Allow Plug.SSL.configure/1 to accept all :ssl options
- Optimize query decoding by 15% to 45% - this removes the previously deprecated :limit MFA and :include_unnamed_parts_at from MULTIPART. This may be backwards incompatible for applications that were relying on ambiguous arguments, such as user[][key]=1&user[][key]=2, which has unspecified parsing behaviour
- Properly deprecate Plug.Adapters.Cowboy before removal
- Add nest_all_json option to JSON parser
- Make action on Plug.Debugger page look like a button
- Better formatting of exceptions on the error page
- Provide stronger response header validation
Require Elixir v1.10+.
- Add Plug.Conn.prepend_req_headers/2 and Plug.Conn.merge_req_headers/2
- Support adapter upgrades with Plug.Conn.upgrade_adapter/3
- Add "Copy to Markdown" button in exception page
- Support exclusive use of tlsv1.3
- Make sure last parameter works within maps
- Deprecate server pushes as they are no longer supported by browsers
- Fix compile-time dependencies in Plug.Builder
- Support :via in Plug.Router.forward/2
- Fix compile-time deps in Plug.Builder
- Do not require routes to be compile-time binaries in Plug.Router.forward/2
- Improve deprecation warnings
- [Plug.Builder] Introduce :copy_opts_to_assign instead of builder_opts/0
- [Plug.Router] Do not introduce compile-time dependencies in Plug.Router
- [Plug.Router] Properly fix regression on Plug.Router helper function accidentally renamed
- [Plug.Router] Fix regression on Plug.Router helper function accidentally renamed
- [Plug.Builder] Do not add compile-time deps to literal options in function plugs
- [Plug.Parsers.MULTIPART] Allow custom conversion of multipart to parameters
- [Plug.Router] Allow suffix matches in the router (such as /feeds/:name.atom)
- [Plug.Session] Allow a list of :rotating_options for rotating session cookies
- [Plug.Static] Allow a list of :encodings to be given for handling static assets
- [Plug.Test] Raise an error when providing path not starting with "/"
- [Plug.Upload] Normalize paths coming from environment variables
- [Plug.Router] Mixing prefix matches with globs is deprecated
- [Plug.Parsers.MULTIPART] Deprecate :include_unnamed_parts_at
- [Plug] Make sure module plugs are compile time dependencies if init mode is compile-time
- [Plug] Accept mime v2.0
- [Plug] Accept telemetry v1.0
- [Plug.Conn] Improve performance of UTF-8 validation
- [Plug.Conn.Adapter] Add API for creating a connection
- [Plug.Static] Allow MFA in :from
- [Plug.Upload] Allow transfer of ownership in Plug.Upload
- [Plug.Debugger] Drop CSP Header when showing error via Plug.Debugger
- [Plug.Test] Populate query_params from Plug.Test.conn/3
- [Plug.RewriteOn] Add a new public plug to handle x-forwarded headers
- [Plug.Router] Add macro for head requests
- [Plug.CSRFProtection] Do not crash if request body params are not available
- [Plug.Conn.Query] Conform www-url-encoded parsing to WHATWG spec
- [Plug.Parsers.MULTIPART] Deprecate passing MFA to MULTIPART in favor of a more composable approach
- [Plug.Conn] Automatically set secure when deleting cookies to fix compatibility with SameSite
- [Plug.SSL] Allow host exclusion to be checked dynamically
- [Plug.Router] Fix router telemetry event to follow Telemetry specification. This corrects the telemetry event added on v1.10.1.
- [Plug] Make :telemetry a required dependency
- [Plug.Test] Populate :query_string when params are passed in
- [Plug] Add Plug.run/3 for running multiple Plugs at runtime
- [Plug] Add Plug.forward/4 for forwarding between Plugs
- [Plug.Conn] Add option to disable UTF-8 validation on query strings
- [Plug.Conn] Support :same_site option when writing cookies
- [Plug.Router] Add router dispatch telemetry events
- [Plug.SSL] Support :x_forwarded_host and :x_forwarded_port on :rewrite_on
- [Plug.Test] Ensure parameters are converted to string keys
- [Plug.BasicAuth] Add Plug.BasicAuth
- [Plug.Conn] Add built-in support for signed and encrypted cookies
- [Plug.Exception] Allow atoms to be used as statuses in the plug_status field for exceptions
- [Plug.Router] Handle malformed URI as bad requests
- [Plug.Conn.Cookies] Make decode split on ; only, remove $-prefix condition
- [Plug.CSRFProtection] Generate url safe CSRF masks
- [Plug.Parsers] Treat invalid content-types as parsing errors unless :pass is given
- [Plug.Parsers] Ensure parameters are merged when falling back to :pass clause
- [Plug.Parsers] Use HTTP status code 414 when query string is too long
- [Plug.SSL] Rewrite port when rewriting a request coming to a standard port
- [Plug] Make Plug fully compatible with new Elixir child specs
- [Plug.Exception] Add actions to exceptions that implement Plug.Exception and render actions in Plug.Debugger error page
- [Plug.Parsers] Add option to skip utf8 validation
- [Plug.Parsers] Make multipart support MFA for :length limit
- [Plug.Static] Accept MFA for :header option
- When implementing the Plug.Exception protocol, if the new actions function is not implemented, a warning will be printed during compilation.
- [Plug.Builder] Ensure init_mode option is respected within the Plug.Builder DSL itself
- [Plug.Session] Fix dropping session with custom max_age
- [Plug.CSRFProtection] Increase entropy and ensure forwards compatibility with future URL-safe CSRF tokens
- [Plug.CSRFProtection] Allow state to be dumped from the session and provide an API to validate both state and tokens
- [Plug.Session.Store] Add get/1 to retrieve the store from a module/atom
- [Plug.Static] Support Nginx range requests
- [Plug.Telemetry] Allow extra options in Plug.Telemetry metadata
- [Plug.Conn] Add get_session/1 for retrieving the whole session
- [Plug.CSRFProtection] Add Plug.CSRFProtection.load_state/2 and Plug.CSRFProtection.dump_state/0 to allow tokens to be generated in other processes
- [Plug.Parsers] Allow unnamed parts in multipart parser via :include_unnamed_parts_at
- [Plug.Router] Wrap router dispatch in a connection checkpoint to avoid losing information attached to the connection in error cases
- [Plug.Telemetry] Add Plug.Telemetry to facilitate telemetry integration
- [Plug.Conn.Status] Use IANA registered status code for HTTP 425
- [Plug.RequestID] Reduce RequestID size by relying on base64 encoding
- [Plug.Static] Ensure etags are quoted correctly
- [Plug.Static] Ensure vary header is set in 304 response
- [Plug.Static] Omit content-encoding header in 304 responses
- [Plug.Parser.MULTIPART] Support UTF-8 filename encoding in multipart parser
- [Plug.Router] Add builder_opts support to :dispatch plug
- [Plug.SSL] Do not disable client renegotiation
- [Plug.Upload] Raise when we can't write to disk during upload
- [Plug.Adapters.Cowboy] Less verbose output when plug_cowboy is missing
- [Plug.Adapters.Cowboy2] Less verbose output when plug_cowboy is missing
- [Plug] Require Elixir v1.4+
- [Plug.Session] Support MFAs for cookie session secrets
- [Plug.Test] Add put_peer_data
- [Plug.Adapters.Cowboy] Extract into plug_cowboy
- [Plug.Adapters.Cowboy2] Extract into plug_cowboy
- [Plug.SSL] Don't redirect excluded hosts on Plug.SSL
- [Plug] Applications may need to add :plug_cowboy to their deps to use this version