4.2.0

Steeltoe 4.2 improves overall security and fixes various bugs. Highlights include:

• Improved reliability of the Config Server client.
• Updated to non-vulnerable OpenTelemetry packages.
• Added new APIs to support service discovery in Aspire.
• Added support to define your own credential mapping logic for Connectors.

What's Changed

• Fix awkward sentences in comments by @bart-vmware in #1650
• Use source generators for logging and regular expressions by @bart-vmware in #1652
• Port: Fix broken documentation in Steeltoe 4.x by @bart-vmware in #1655
• Use json source generator by @bart-vmware in #1656
• Fix binding options against null values by @bart-vmware in #1663
• Fix Eureka Dynamic Port Assignment overriding user-configured ports by @TimHess in #1666
• Config Server stability improvements by @bart-vmware in #1667
• Add missing logger categories in appsettings auto-completion by @bart-vmware in #1669
• Add IDiscoveryClient.InstancesFetched event by @bart-vmware in #1672
• Follow-up changes for new IDiscoveryClient.InstancesFetched event by @bart-vmware in #1677
• Gracefully handle access token fetch failure in Eureka and Config Server by @bart-vmware in #1679
• Connectors: add option to turn off the built-in post-processors by @bart-vmware in #1680
• Bump OpenTelemetry dependencies to fix vulnerabilities by @bart-vmware in #1685
• Fix invalid links by @bart-vmware in #1690
• Package updates by @bart-vmware in #1694
• Fix CA1873: Potentially expensive logging by @bart-vmware in #1695
• Ignore case when comparing Connector configuration keys by @bart-vmware in #1700
• Fix crash on shutdown: Eureka trying to unregister app that never registered by @bart-vmware in #1705
• Fix management port isolation bypass by @TimHess in b7ca93c
• Fix Eureka DataCenterInfo poisoning by @TimHess in c34a739
• Enhance /env sanitizer by @TimHess in e50cd31
• Require FULL Permissions on /env, /threaddump, /heapdump by default by @TimHess in b39defa
• Fix Vault token leak on HTTP redirect by @TimHess in 64ed5ff
• Harden temporary files written by MySQL/PostgreSQL Connectors by @bart-vmware in 8dd97cc
• Fix unexpected OAEP algorithm downgrade by @TimHess in 6cfee5c
• Placeholder resolution should only be logged at trace-level by @TimHess in 463dcbc
• Add expiration to JWT/OpenID keys caching by @TimHess and @bart-vmware in 04db2ac

Full Changelog: 4.1.0...4.2.0

3.4.0

Steeltoe 3.4 improves overall security and updates all vulnerable dependencies. As a result:

• .NET 6 is no longer targeted, because no compatible non-vulnerable version of OpenTelemetry exists.
• .NET 8 support was added for Integration/Messaging/Stream.
• Updated KubernetesClient library may result in behavior changes.
• The versions of System/Microsoft libraries for the NetStandard target were updated.

For the full details of runtime and package changes, see #1688.

What's Changed

• Bump 3x vulnerable dependencies; drop net60 by @bart-vmware in #1688
• Fix management port isolation bypass by @TimHess in 4cbc352
• Fix Eureka DataCenterInfo poisoning by @TimHess in b8ed855
• Enhance /env sanitizer by @TimHess in bef9f14
• Require FULL Permissions on /env, /threaddump, /heapdump by default by @TimHess in da6c604
• Fix Vault token leak on HTTP redirect by @TimHess in 610ebde
• Add expiration to JWT/OpenID keys caching by @TimHess and @bart-vmware in 17b27b8

Full Changelog: 3.3.0...4.3.0

4.1.0

Steeltoe 4.1 adds full support for .NET 10 and fixes minor bugs. By explicitly targeting net10.0, consumers benefit from the latest compiler and runtime optimizations. We enhanced internal logic and added a few public APIs to facilitate the upcoming integration with Aspire. This release also adds a new contributor to the /actuator/info endpoint, which shows details about the .NET runtime and operating system.

What's Changed

• Remove placeholder packages that were added to help migrate from 3.x by @bart-vmware in #1590
• Update 3.x compatibility in README.md by @TimHess in #1592
• Consul: fix invalid port number in app registration by @bart-vmware in #1596
• Service Discovery: Expose Instance ID in IServiceInstance by @bart-vmware in #1597
• Exclude Aspire resolver from Eureka internal HttpClient by @bart-vmware in #1598
• Set templated=false for all management endpoints by @TimHess in #1600
• Expose secure/non-secure URIs on service instance, optimize Eureka by @bart-vmware in #1604
• Lower the level of recurring logging to reduce noise in apps by @bart-vmware in #1608
• Guard usages of BindConfiguration by @bart-vmware in #1609
• Update dump dependencies, fix gcdump by @bart-vmware in #1611
• Add public method to convert InstanceInfo to EurekaServiceInstance by @bart-vmware in #1613
• Update Steeltoe for .NET 10 by @bart-vmware in #1615
• Fix gcdump publish and transitive references by @bart-vmware in #1619
• Fix actuators when used with UsePathBase by @bart-vmware in #1618
• Accept null tags/meta in Consul responses by @bart-vmware in #1631
• Configuration Schema Generator: Port changes from Aspire by @bart-vmware in #1634
• Fix scoped ASP.NET health checks, correct AddHealthContributor docs by @bart-vmware in #1636
• Add .NET runtime information to /info actuator endpoint by @TimHess in #1640
• Enable skipping ASP.NET health checks at actuator endpoint by @bart-vmware in #1644
• Update non-exposed dependencies by @bart-vmware in #1646

Full Changelog: 4.0.0...4.1.0

4.0.0

Steeltoe 4 is a major release that brings many improvements and changes to the library. The goal of this release is to make Steeltoe better integrated in the .NET ecosystem in a more developer-friendly way, compatible with the latest versions of .NET and third-party libraries/products, and to improve the overall quality of the library.

This is the first generally available release for Steeltoe 4.0. Review What's New in Steeltoe 4 for more information about all the improvements. If you are currently using Steeltoe v3, review Migrating from Steeltoe 3 for step-by-step guidance.

For packages that no longer exist, this release ships placeholders that will fail the build with pointers on how to move forward.

What's Changed

• Add a roadmap for 4.1.0 by @TimHess in #1551
• Add workflow to scan for vulnerable dependencies by @bart-vmware in #1563
• Public API diffs by @bart-vmware in #1564
• Fixed crash in RabbitMQ connector by @bart-vmware in #1569
• Crashfix in Config Server client when Environment is a comma-separated list by @bart-vmware in #1567
• Remove custom JsonStreamConfigurationProvider/Source by @bart-vmware in #1576
• Enhance JWT issuer validation by @TimHess in #1580
• Mark Public APIs as shipped for Steeltoe 4.0.0 by @bart-vmware in #1585

Full Changelog: 4.0.0-rc1...4.0.0

3.3.0

Introduction

This release supports .NET 8 (except for Integration, Messaging and Stream packages) and drops support for .NET Core 3.1. CVEs in transitive dependencies have been addressed. These updates required upgrading OpenTelemetry, which is a breaking change. As a result of the OpenTelemetry upgrade, we had to remove Jaeger support from Steeltoe; please see the OpenTelemetry or Jaeger documentation for how to use OTLP. Additionally, Steeltoe Security components now fully support running against a local UAA server and samples have been updated accordingly.

This release will be supported for one year, providing time for migration to Steeltoe 4.0.

What's Changed

• Fix loss of indication to use ampqs by @TimHess in #1495
• Updates for Steeltoe v3.3 by @bart-vmware in #1556
• Add obsoletions for OpenTelemetry and the metrics actuator by @bart-vmware in #1559
• Remove explicit package versions from project files by @bart-vmware in #1561
• Fix transitive vulnerable dependencies 3x by @bart-vmware in #1562
• Constrain the maximum RabbitMQ version for Hystrix and Messaging/Stream by @bart-vmware in #1577
• Small enhancements to Security components, primarily for local, non-https UAA by @TimHess in #1574
• Fix RabbitMQ connection issue by @TimHess in #1584

Full Changelog: 3.2.8...3.3.0

4.0.0-rc1

For testing the latest build from the main branch, we changed the Azure DevOps feed URL. See https://github.com/SteeltoeOSS/Steeltoe?tab=readme-ov-file#pre-release-packages.

What's Changed

• Ensure HTTP header values are redacted by @bart-vmware in #1490
• Allow network share paths with disk health contributor, better exceptions for WindowsNetworkFileShare by @TimHess in #1503
• Enhancements for Spring Boot Admin registration by @bart-vmware in #1508
• Async refactorings by @bart-vmware in #1513
• Fix generation of local certificate files when running from publish directory by @bart-vmware in #1514
• Memory dump fixes/enhancements by @bart-vmware in #1517
• Align Cloud Controller response handling with Spring, improve tests by @TimHess in #1521
• Improve management test coverage by @bart-vmware in #1520
• Update connector brokers by @bart-vmware in #1528
• Account for ASP.NET Core changes around proxy header handling by @TimHess in #1525
• Improve Common.Certificates internals and tests by @TimHess in #1523

Full Changelog: 4.0.0-beta1...4.0.0-rc1

4.0.0-beta1

Steeltoe 4 is a major release that brings many improvements and changes to the library. The goal of this release is to make Steeltoe better integrated in the .NET ecosystem in a more developer-friendly way, compatible with the latest versions of .NET and third-party libraries/products, and to improve the overall quality of the library.

---

• Read the documentation for what's new in 4.0
• Get started with Steeltoe Initializr
• See it in action with Steeltoe 4.0 Samples

Contributors to this release

@bart-vmware, @cieciurm, @davgia, @dtillman, @bart-vmware, @fennekit, @hananiel, @macsux, @ccheetham, @TimHess, @thompson-tomo

Full Changelog: 3.2.0...4.0.0-beta1

3.2.8

What's Changed

• Adjust Eureka uri logging in 3x by @TimHess in #1324

Full Changelog: 3.2.7...3.2.8

3.2.7

What's Changed

• Backport IDisposable ConfigProviders to 3.2 by @TimHess in #1230
• Provide parameterless MapAllActuators() for .NET 6 by @TimHess in #1233
• Consul :: Add tests to cover health check path being used when heartbeat is off by @cieciurm in #1245
• #984 single file publish works with Service connectors by @thompson-tomo in #1237
• Add CorsPolicyBuilder to WebApp/WebHost extensions by @cieciurm in #1256
• Support for application configuration service in 3.2 line by @TimHess in #1269
• More consistent AuthenticationBuilder extensions by @TimHess in #1286

Full Changelog: 3.2.6...3.2.7

3.2.6

What's Changed

• Fix issues with refresh polling by @douggish in #1219

Full Changelog: 3.2.5...3.2.6