1.24.3 release notes
25th July 2023
🔒 Security fixes
- Armeria server now strips matrix variables
from a request path before finding a matching route. CVE-2023-38493
- Previously, when an Armeria decorator is used to decorate a Spring controller served
using
TomcatServiceorJettyService, the request bypassed the decorator if the request path contains matrix variables. - You can use a regex for the decorator as a workaround before you upgrade Armeria.
- For example,
sb.decoratorUnder("regex:^/prefix.*", decorator)instead ofsb.decoratorUnder("/prefix", decorator).
- For example,
- Previously, when an Armeria decorator is used to decorate a Spring controller served
using
🛠️ Bug fixes
- Fixed a regression where the logger names of
LoggingServiceandLoggingClienthave changed since 1.24.0. #5056 - You can now specify a Unix domain socket path in abstract namespace. #5014 #5036