axum-v0.6.0-rc.2
版本发布时间: 2022-09-11 22:46:10
tokio-rs/axum最新发布版本:axum-v0.7.5(2024-03-25 03:19:08)
Security
-
breaking: Added default limit to how much data
Bytes::from_requestwill consume. Previously it would attempt to consume the entire request body without checking its length. This meant if a malicious peer sent an large (or infinite) request body your server might run out of memory and crash.The default limit is at 2 MB and can be disabled by adding the new
DefaultBodyLimit::disable()middleware. See its documentation for more details.This also applies to these extractors which used
Bytes::from_requestinternally:-
Form -
Json -
String
Thanks to Shachar Menashe for reporting this vulnerability.
(#1346)
-
Routing
-
breaking: Adding a
.route_layeronto aRouterorMethodRouterwithout any routes will now result in a panic. Previously, this just did nothing. #1327
Middleware
-
added: Add
middleware::from_fn_with_stateandmiddleware::from_fn_with_state_arcto enable running extractors that require state (#1342)