Skip to content

13.0.0

Latest

Choose a tag to compare

@github-actions github-actions released this 01 Jul 07:39
c0bbb5a

πŸ—žοΈ What's Changed

Refit 13 is a major release focused on security hardening and a brand-new testing package.

  • Security hardening (#2181) β€” closes issues found in a security audit. XML deserialization is now protected against XXE (external entity) attacks, the Newtonsoft.Json integration no longer honours unsafe TypeNameHandling by default (blocking type-confusion/deserialization attacks), and sensitive values (auth headers, tokens) are now redacted from exception and log output. This is the main reason for the major version bump: if you relied on permissive Newtonsoft type handling you may need to opt back in explicitly.
  • New Refit.Testing package (#2184) β€” a first-party way to stub and verify Refit clients in tests without spinning up a real HttpClient. Supply canned responses for interface calls and assert which requests your code made, instead of hand-rolling HttpMessageHandler fakes.
  • R3 bridge analyzer fix (#2186) β€” corrects the removal target for the R3 bridge analyzer.
  • CI and documentation tidy-ups for SonarCloud on fork pull requests.

✨ Features

🧹 General Changes

πŸ“ Documentation

πŸ“Œ Other

πŸ”— Full Changelog: v12.1.0...v13.0.0

πŸ™Œ Contributions

πŸ’– Thanks to all the contributors: @ChrisPulman, @glennawatson