Never miss a release that matters
AI-powered summaries of every GitHub release.
AI Summaries
Changelogs condensed into clear, actionable insights.
Always Free
Track up to 5 packages at no cost, forever.
Weekly Digest
A curated summary of every release, delivered weekly.
TL;DR
Koa now correctly handles requests with Content-Length headers exceeding 2GB, preventing potential crashes or unexpected behavior when receiving large uploads.
Fixes Worth Knowing
Large request bodies are now processed correctly. This resolves an issue where requests with Content-Length greater than 2GB would cause errors.
TL;DR
Koa now prevents a critical security vulnerability (Host Header Injection) that could allow malicious actors to redirect users or perform other attacks.
Fixes Worth Knowing
A security issue with ctx.hostname has been resolved, preventing potential Host Header Injection attacks.
Before You Upgrade
Review your application's reliance on ctx.hostname and ensure it's not used in security-sensitive contexts.
TL;DR
Koa 3 introduces a new request handling pipeline based on Async Functions, improving performance and middleware compatibility.
Breaking
- Removed
context.request.URL(use standard URL API). - Middleware now requires Async Function support (functions using
async/await).
New
- Implemented a new request pipeline (improves request processing).
- Added support for native ES6 Promises (enhanced asynchronous operations).
Fixes Worth Knowing
- Fixed an issue where redirect values were incorrectly rendered in anchor references.
Before You Upgrade
- Ensure all middleware is updated to use Async Functions.
- Update any code using
context.request.URLto the standard URL API.