fix(deps): update rust crate salvo to 0.88.0 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
salvo (source)	dependencies	minor	0.37.9 → 0.88.0

GitHub Vulnerability Alerts

CVE-2026-22257

Summary

The function list_html generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file.

Details

The vulnerable snippet of code is the following:
dir.rs

// ... fn list_html(...
        let mut link = "".to_owned();
        format!(
            r#"<a href="/">{}</a>{}"#,
            HOME_ICON,
            segments
                .map(|seg| {
                    link = format!("{link}/{seg}");
                    format!("/<a href=\"{link}\">{seg}</a>")
                })
                .collect::<Vec<_>>()
                .join("")
        )
// ...

PoC

POC1.mp4

Here is the example app we used:

mian.rs

use salvo::prelude::*;
use salvo::serve_static::StaticDir;
use std::path::PathBuf;
use tokio::fs;

const INDEX_HTML: &str = r#"<!doctype html>
<html>
  <head><meta charset="utf-8"><title>StaticDir PoC</title></head>
  <body>
    <h2>Upload a file</h2>
    <form action="/upload" method="post" enctype="multipart/form-data">
      <input type="file" name="file" />
      <button type="submit">Upload</button>
    </form>

    <p>Browse uploads:</p>
    <ul>
      <li><a href="/files">/files</a></li>
      <li><a href="/files/">/files/</a></li>
    </ul>
  </body>
</html>
"#;

#[handler]
async fn index(res: &mut Response) {
    res.render(Text::Html(INDEX_HTML));
}

#[handler]
async fn upload(req: &mut Request, res: &mut Response) {
    fs::create_dir_all("uploads").await.expect("create uploads dir");

    let form = match req.form_data().await {
        Ok(v) => v,
        Err(e) => {
            res.status_code(StatusCode::BAD_REQUEST);
            res.render(Text::Plain(format!("form_data parse failed: {e}")));
            return;
        }
    };

    let Some(file_part) = form.files.get("file") else {
        res.status_code(StatusCode::BAD_REQUEST);
        res.render(Text::Plain("missing file field (name=\"file\")"));
        return;
    };

    let original_name = file_part.name().unwrap_or("upload.bin");

    let mut dest = PathBuf::from("uploads");
    dest.push(original_name);

    let tmp_path = file_part.path();
    if let Err(e) = fs::copy(tmp_path, &dest).await {
        res.status_code(StatusCode::INTERNAL_SERVER_ERROR);
        res.render(Text::Plain(format!("save failed: {e}")));
        return;
    }

    res.render(Text::Plain(format!(
        "Uploaded as: {original_name}\nNow open: http://127.0.0.1:5800/files/\n"
    )));
}

#[tokio::main]
async fn main() {
    tracing_subscriber::fmt().init();
    fs::create_dir_all("uploads").await.expect("create uploads dir");

    let router = Router::new()
        .get(index)
        .push(Router::with_path("upload").post(upload))
        .push(
            Router::with_path("files/{**rest_path}")
                .get(StaticDir::new("uploads").auto_list(true)),
        );

    let acceptor = TcpListener::new("127.0.0.1:5800").bind().await;
    Server::new(acceptor).serve(router).await;
}

Cargo.toml

[package]
name = "poc"
version = "0.1.0"
edition = "2024"

[dependencies]
salvo = { version = "0.85.0", features = ["serve-static"] }
tokio = { version = "1", features = ["macros", "rt-multi-thread", "fs"] }
tracing-subscriber = "0.3"

Impact

JavaScript execution, most likely leading to an account takeover, depending on the site's constraint (CSP, etc…).

CVE-2026-22256

Summary

The function list_html generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML view (current.path). The only constraint here is for the root path (e.g., /files in the PoC example) to have a subdirectory (e. g., common ones like styles/scripts/etc.) so that the matching returns the list HTML page instead of the Not Found page.

Details

The vulnerable snippet of code is the following:
dir.rs

// ... fn list_html(...
    let mut ftxt = format!(
        r#"<!DOCTYPE html><html><head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width">
        <title>{}</title>
        <style>{}</style></head><body><header><h3>Index of: {}</h3></header><hr/>"#,
        current.path,
        HTML_STYLE,
        header_links(&current.path)
    );
// ...

As seen here <title>{}</title> it is inserted unsafely.

PoC

salvo_poc.mp4

Here is the example app, note this doesn’t need an upload feature (e.g to the other reported vulnerability), only the sub-folder is required.

main.rs

use salvo::prelude::*;
use salvo::serve_static::StaticDir;
use tokio::fs;

#[tokio::main]
async fn main() {
    tracing_subscriber::fmt().init();
    fs::create_dir_all("uploads").await.expect("create uploads dir");

    let router = Router::new()
        .push(
            Router::with_path("files/{**rest_path}")
                .get(StaticDir::new("uploads").auto_list(true)),
        );

    let acceptor = TcpListener::new("127.0.0.1:5800").bind().await;
    Server::new(acceptor).serve(router).await;
}

Cargo.toml

[package]
name = "salvo-staticdir-xss-poc"
version = "0.1.0"
edition = "2024"

[dependencies]
salvo = { version = "0.85.0", features = ["serve-static"] }
tokio = { version = "1", features = ["macros", "rt-multi-thread", "fs"] }
tracing-subscriber = "0.3"

Setup commands:

mkdir uploads
mkdir uploads/bla

Impact

JavaScript execution, most likely leading to an account takeover, depending on the site's constraint (CSP, etc…).

---

Release Notes

salvo-rs/salvo (salvo)

v0.88.1

Compare Source

What's Changed

• Add Salvo + PostgreSQL + SeaORM Boilerplate Example by @​darixsamani in #​1264
• Adopt Workspace Dependencies for Improved Cargo Configuration by @​darixsamani in #​1277
• example code format by @​chrislearn in #​1278
• Always encode filename in error page by @​chrislearn in #​1279
• change rustfmt config by @​chrislearn in #​1280

Full Changelog: salvo-rs/salvo@v0.88.0...v0.88.1

v0.88.0

Compare Source

What's Changed

• Fix etag still being added even when use_etag(false) is called in NamedFileBuilder by @​cnlancehu in #​1265
• Use saysion for async-session unmaintained by @​chrislearn in #​1272
• Remove rustls-pemfile as unmaintained by @​chrislearn in #​1270
• fix salvo-proxy panic with rustls error by @​chrislearn in #​1276

Full Changelog: salvo-rs/salvo@v0.87.1...v0.88.0

v0.87.1

Compare Source

What's Changed

• Update examples dependencies by @​chrislearn in #​1262
• Fix error import in 0.87.0 by @​cnlancehu in #​1263

Full Changelog: salvo-rs/salvo@v0.87.0...v0.87.1

v0.87.0

Compare Source

What's Changed

• feat: added alias support with serde by @​yohannlog in #​1253
• Update swagger-ui to v5.31.0 by @​tyreseluo in #​1254
• feat(oapi-macros): Supports using expressions in tags and adjusts the generation logic by @​tyreseluo in #​1258
• Close HTTP/3 Response stream properly by @​cnlancehu in #​1259
• Allow user switch ring and aws-lc-rs by @​chrislearn in #​1261

New Contributors

• @​yohannlog made their first contribution in #​1253
• @​tyreseluo made their first contribution in #​1254

Full Changelog: salvo-rs/salvo@v0.86.0...v0.87.0

v0.86.0

Compare Source

What's Changed

• Update example code structure and clippy by @​chrislearn in #​1237
• Upgrade rust version to 1.89 by @​chrislearn in #​1238
• Use SALVO_STATUS_ERROR to control default error page by @​chrislearn in #​1240
• Upgrade salvo-http3 to 0.7.0 by @​chrislearn in #​1241
• Add generic paramer to HyperClient by @​chrislearn in #​1242
• fix(proxy): fix URL parsing in forward request construction by @​18o in #​1244
• Fix some bug and complete integration of test for users endpoints by @​darixsamani in #​1245
• cargo clippy by @​chrislearn in #​1246
• fix: improper use of AllOf in nullable property schema generation by @​AdamBryantLaunchWindow in #​1247
• Improve example code structure by @​chrislearn in #​1248

New Contributors

• @​AdamBryantLaunchWindow made their first contribution in #​1247

Full Changelog: salvo-rs/salvo@v0.85.0...v0.86.0

v0.85.0

Compare Source

What's Changed

• feat: pass req and depot into Upstreams::elect to allow more flexible upstream election by @​r00t3g in #​1225
• feat: introduce a Proxy::host_header_getter method to alter the way host header is propagated to the upstream by @​r00t3g in #​1228
• cargo fmt and typo fix by @​chrislearn in #​1229
• feat: Implement client IP forwarding support by @​r00t3g in #​1230
• feat: add support for multiple and wildcard SNI names in keycerts by @​cnlancehu in #​1232
• Add Salvo Postgres Diesel Boilerplate Example by @​darixsamani in #​1233
• use [name].rs instead of mod.rs by @​chrislearn in #​1235

New Contributors

• @​r00t3g made their first contribution in #​1225
• @​cnlancehu made their first contribution in #​1232
• @​darixsamani made their first contribution in #​1233

Full Changelog: salvo-rs/salvo@v0.84.2...v0.85.0

v0.84.2

Compare Source

What's Changed

• chore(deps): update jsonwebtoken requirement from 9 to 10 by @​dependabot[bot] in #​1217
• Format Cargo.toml by @​chrislearn in #​1221
• fix: MimeType detection is broken with compression by @​chrislearn in #​1223

Full Changelog: salvo-rs/salvo@v0.84.1...v0.84.2

v0.84.1

Compare Source

What's Changed

• chore(deps): update tokio-tungstenite requirement from 0.27 to 0.28 by @​dependabot[bot] in #​1209
• improve NamedFile and embed file detect text content type by @​chrislearn in #​1210
• Detect correct mime for all text type by @​chrislearn in #​1211
• chore(deps): update opentelemetry-* requirement from 0.30 to 0.31 by @​chrislearn in #​1215
• Remove unused bason dependency by @​chrislearn in #​1216

Full Changelog: salvo-rs/salvo@v0.84.0...v0.84.1

v0.84.0

Compare Source

What's Changed

• chore(deps): update x509-parser requirement from 0.17 to 0.18 by @​dependabot[bot] in #​1192
• Use async function for cors predicate by @​chrislearn in #​1193
• Refactor cors and add Cors::allow_private_network by @​chrislearn in #​1194
• Fix extract option field compile error by @​chrislearn in #​1197
• Add some unit tests by @​chrislearn in #​1198
• Add unit test for extractible by @​chrislearn in #​1204
• Change port in example to 8698 to avoid port blocked by @​chrislearn in #​1205
• chore(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update by @​dependabot[bot] in #​1206
• Update SwaggerUI to v5.29.0 by @​chrislearn in #​1208

Full Changelog: salvo-rs/salvo@v0.83.0...v0.84.0

v0.83.0

Compare Source

What's Changed

• oapi: Remove ToArray trait by @​chrislearn in #​1190
• cargo clippy by @​chrislearn in #​1191

Full Changelog: salvo-rs/salvo@v0.82.0...v0.83.0

v0.82.0

Compare Source

What's Changed

• limit MaxConcurrency by @​zaijie1213 in #​1168
• 日志和respons 中追加requestid by @​zaijie1213 in #​1170
• Allow set basicauth realm value by @​chrislearn in #​1173
• Add OpenApi validation documentation support for NewType pattern structs by @​arfath-linklet in #​1174
• cargo clippy by @​chrislearn in #​1178
• Add into_boxed function to acceptors and add DynTcpAcceptors by @​chrislearn in #​1180
• Remove AsyncRead and AsyncWrite constraint from Acceptor by @​chrislearn in #​1181
• cargo clippy --all-features by @​chrislearn in #​1182
• Add rust-version to examples Cargo.toml by @​chrislearn in #​1184

New Contributors

• @​zaijie1213 made their first contribution in #​1168
• @​arfath-linklet made their first contribution in #​1174

Full Changelog: salvo-rs/salvo@v0.81.0...v0.82.0

v0.81.0

Compare Source

What's Changed

• Add unix-sock-client to the full futures for salvo-proxy by @​18o in #​1160
• imp Debug for Types and stricter clippy rules by @​chrislearn in #​1163
• Update Swagger UI to v5.27.0 by @​chrislearn in #​1164
• Add typo github actions by @​chrislearn in #​1165

Full Changelog: salvo-rs/salvo@v0.80.0...v0.81.0

v0.80.0

Compare Source

What's Changed

• Do not log H3_NO_ERROR by @​Deniskore in #​1144
• Make JoinedAcceptor and AcmeAcceptor public by @​chrislearn in #​1147
• Update salvo-captcha repository URL by @​TheAwiteb in #​1151
• chore(deps): update tokio-tungstenite requirement from 0.26 to 0.27 by @​dependabot in #​1153
• chore(deps): update rcgen requirement from 0.13 to 0.14 by @​dependabot in #​1154
• chore(deps): update socket2 requirement from 0.5 to 0.6 by @​dependabot in #​1156
• fix: Extractible derive by @​lywa1998 in #​1157
• Add unix sock support for proxy by @​18o in #​1158
• fix ci and add unix-sock-client feature by @​chrislearn in #​1159

New Contributors

• @​Deniskore made their first contribution in #​1144
• @​lywa1998 made their first contribution in #​1157

Full Changelog: salvo-rs/salvo@v0.79.0...v0.80.0

v0.79.0

Compare Source

What's Changed

• Update req.rs. Spell mistake. by @​lazyanubis in #​1118
• chore(deps): update brotli requirement from 7 to 8 by @​dependabot in #​1119
• chore(deps): update serde-xml-rs requirement from 0.6 to 0.7 by @​dependabot in #​1120
• Update req.rs. Spell mistake. by @​lazyanubis in #​1121
• chore(deps): update nix requirement from 0.29 to 0.30 by @​dependabot in #​1124
• Upgrade salvo-http3 to 0.6.0 by @​chrislearn in #​1130
• Potential fix for code scanning alert no. 1: Workflow does not contain permissions by @​chrislearn in #​1131
• Enhanced support for anyhow::Error, (fixed anyhow fmt) by @​xiuno in #​1126
• Fix: impl Scribe for anyhow::Error{} by @​xiuno in #​1134
• Add content-range support for static_embed by @​18o in #​1135
• chore(deps): update opentelemetry-* requirement from 0.29 to 0.30 by @​chrislearn in #​1141
• Disable TLS 1.2 as default by @​chrislearn in #​1142
• Add support set tls versions for RustlsConfig by @​chrislearn in #​1143

New Contributors

• @​xiuno made their first contribution in #​1126

Full Changelog: salvo-rs/salvo@v0.78.0...v0.79.0

v0.78.0

Compare Source

What's Changed

• Update opentelemetry-* to 0.29 by @​chrislearn in #​1087
• Default enable http and https for proxy client by @​chrislearn in #​1089
• cargo clippy and code format by @​chrislearn in #​1090
• chore(deps): update mime-infer requirement from 3 to 4 by @​dependabot in #​1091
• Update catcher.rs. Add detail field to function status_error_json. by @​Moeweb647252 in #​1100
• Remove meaningless content when cause or detail is None by @​chrislearn in #​1112
• oapi: Only wan if parameters not exist in debug mode by @​chrislearn in #​1114
• Spell mistake. by @​lazyanubis in #​1093 #​1094 #​1095 #​1096 #​1097 #​1098 #​1099 #​1101 #​1102 #​1103 #​1104 #​1105 #​1107 #​1110 #​1109 #​1108 #​1111

New Contributors

• @​Moeweb647252 made their first contribution in #​1100

Full Changelog: salvo-rs/salvo@v0.77.1...v0.78.0

v0.77.1

Compare Source

What's Changed

• set listener.set_nonblock to true in listenfd sample by @​prabirshrestha in #​1077
• upgrade salvo-http3 to 0.5.0 by @​chrislearn in #​1080

Full Changelog: salvo-rs/salvo@v0.77.0...v0.77.1

v0.77.0

Compare Source

What's Changed

• fix: spelling mistake by @​lazyanubis in #​1048
• typo: fix typo in server::ServerHandle::stop_graceful by @​YBoy-git in #​1049
• chore(deps): update opentelemetry-* requirement from 0.27 to 0.28 by @​chrislearn in #​1053
• docs(examples): Annotate a,b,g,h prefixed examples with code comments by @​Jinzedev in #​1055
• Replace serde_yaml with serde_norway by @​sycute in #​1056
• docs(examples): Annotate c,d prefixed examples with code comments by @​Jinzedev in #​1057
• Update to Rust Edition 2024 by @​chrislearn in #​1061
• Update opentelemetry-prometheus to 0.28 by @​chrislearn in #​1064
• Update openssl to 0.10.71 by @​chrislearn in #​1063
• Remove use types that have been imported by default by @​chrislearn in #​1065
• fix incorrect comment by @​Li-Eto-Demerzel in #​1066
• Correct spelling and grammar errors in comments and strings. by @​chrislearn in #​1067
• chore(deps): update compact_str requirement from 0.8 to 0.9 by @​dependabot in #​1069
• Improve document by @​chrislearn in #​1070
• Replace example with link to docs by @​tennox in #​1072
• Remove #[handler] and #[endpoint] in its generted code by @​chrislearn in #​1074
• add mvt server to ecosystem by @​josejachuf in #​1075

New Contributors

• @​YBoy-git made their first contribution in #​1049
• @​Jinzedev made their first contribution in #​1055
• @​sycute made their first contribution in #​1056
• @​Li-Eto-Demerzel made their first contribution in #​1066
• @​tennox made their first contribution in #​1072

Full Changelog: salvo-rs/salvo@v0.76.2...v0.77.0

v0.76.2

Compare Source

What's Changed

• fix(404 error): on the todo example by @​gustavbrlty in #​1035
• chore(deps): update rand requirement from 0.8 to 0.9 by @​chrislearn in #​1037
• chore(deps): update bcrypt requirement from 0.16 to 0.17 by @​dependabot in #​1039
• chore(deps): update x509-parser requirement from 0.16 to 0.17 by @​dependabot in #​1038
• fix spelling mistake by @​lazyanubis in #​1040
• fix spelling mistake by @​lazyanubis in #​1041
• perf: move the error variable position by @​lazyanubis in #​1043
• fix: spelling mistake by @​lazyanubis in #​1044
• fix: openssl lifetime issue when use version 0.10.70 by @​chrislearn in #​1046
• fix: bug with colliding headers in salvo-proxy by @​markcda in #​1045

New Contributors

• @​gustavbrlty made their first contribution in #​1035
• @​lazyanubis made their first contribution in #​1040

Full Changelog: salvo-rs/salvo@v0.76.1...v0.76.2

v0.76.1

Compare Source

What's Changed

• Adding 'System-Monitor-Server' project case. by @​SimonYen in #​1027
• Modify reqwest features to use rustls for TLS by @​houseme in #​1028
• fix matched-path bug by @​chrislearn in #​1033

New Contributors

• @​SimonYen made their first contribution in #​1027

Full Changelog: salvo-rs/salvo@v0.76.0...v0.76.1

v0.76.0

Compare Source

What's Changed

• fix: conflict with serde deny_unknown_fields attr by @​Samyak2 in #​1015
• fix(oapi): Inconsistent separator in some oapi macros by @​chrislearn in #​1017
• Change routing path parameter syntax style by @​chrislearn in #​1018
• Get matched route path information by @​chrislearn in #​1020
• Release from tag by @​chrislearn in #​1021
• Update salvo-http3 to 0.4.0 by @​chrislearn in #​1022
• feat: add matched-path features in Cargo.toml by @​immno in #​1023
• feat: support compact_str for oapi by @​Yvictor in #​1024
• chore(deps): update compact_str requirement from 0.7 to 0.8 by @​dependabot in #​1025

New Contributors

• @​Yvictor made their first contribution in #​1024

Full Changelog: salvo-rs/salvo@v0.75.0...v0.76.0

v0.75.0

Compare Source

What's Changed

• Update README.md by @​Type1J in #​1007
• Update opentelemetry-prometheus to 0.27 by @​chrislearn in #​1009
• chore(deps): update tokio-tungstenite requirement from 0.24 to 0.25 by @​chrislearn in #​1010
• chore(deps): update tokio-tungstenite requirement from 0.25 to 0.26 by @​chrislearn in #​1012
• feat: impl ToSchema for Ipv4Addr, Ipv6Addr, IpAddr by @​Samyak2 in #​1014

New Contributors

• @​Type1J made their first contribution in #​1007
• @​Samyak2 made their first contribution in #​1014

Full Changelog: salvo-rs/salvo@v0.74.3...v0.75.0

v0.74.3

Compare Source

What's Changed

• chore(deps): update opentelemetry dependencies by @​chrislearn in #​989
• docs: update ECOSYSTEM.md with new sections and format corrections by @​houseme in #​990
• Introducing Salvo Guru on Gurubase.io by @​kursataktas in #​991
• chore(deps): update bcrypt requirement from 0.15 to 0.16 by @​dependabot in #​995
• Update sqlx to 0.8.2 by @​chrislearn in #​996
• fix: http range header is not correct by @​chrislearn in #​1004

New Contributors

• @​kursataktas made their first contribution in #​991

Full Changelog: salvo-rs/salvo@v0.74.2...v0.74.3

v0.74.2

Compare Source

What's Changed

• Add rust-version = { workspace = true } to crates Cargo.toml by @​chrislearn in #​975
• fix(proxy): Ignore case of WS upgrade type (#​974) by @​mwxxhdb in #​976
• fix: feature force-https should depends on salvo_core/rustls by @​chrislearn in #​978
• fix: remove test features to dev by @​immno in #​979
• chore(deps): update thiserror requirement from 1 to 2 by @​dependabot in #​980
• fix(core): fix HoopedHandler::handle FlowCtrl by @​andeya in #​981
• Add License to crates Readme by @​chrislearn in #​983
• fix: StatusCode 405 is not set correctly by @​chrislearn in #​984
• Update SwaggerUI to v5.18.2 by @​chrislearn in #​985

New Contributors

• @​mwxxhdb made their first contribution in #​976
• @​immno made their first contribution in #​979

Full Changelog: salvo-rs/salvo@v0.74.1...v0.74.2

v0.74.1

Compare Source

What's Changed

• fix: cargo build fail by @​847850277 in #​966
• fix docs by @​markcda in #​967
• fix: correct typos and update URLs in README.md by @​houseme in #​968
• fix docs by @​houseme in #​969
• fix: Request::try_all_files is not work correctly by @​chrislearn in #​970
• fix: content disposition filename should quoted by @​chrislearn in #​971

New Contributors

• @​847850277 made their first contribution in #​966
• @​houseme made their first contribution in #​968

Full Changelog: salvo-rs/salvo@v0.74.0...v0.74.1

v0.74.0

Compare Source

What's Changed

• chore(deps): update brotli requirement from 6.0 to 7.0 by @​dependabot in #​941
• chore(deps): Update opentelemetry-* to 0.26 by @​chrislearn in #​944
• chore(craft-macros): Improve the compatibility of generic parameters. by @​andeya in #​946
• Parse url query array style like ids=[1,2,3] by @​chrislearn in #​947
• ParseError message format by @​chrislearn in #​949
• chore(core::writing): Do not forcibly overwrite the content-type and optimize the code. by @​andeya in #​950
• chore(core::writing): try_set_header add #[inline(always)] by @​andeya in #​951
• chore: Use let _ = ... to replace result.ok(). by @​chrislearn in #​954
• display actual number of connections; don't wait if stop_forcible by @​davehorner in #​957
• Add the ArcHandler that wraps another [Handler] to enable it to be cloneable. by @​andeya in #​958
• fix typo challenge

New Contributors

• @​davehorner made their first contribution in #​957

Full Changelog: salvo-rs/salvo@v0.73.0...v0.74.0

v0.73.0

Compare Source

What's Changed

• Make Filter::filter async by @​chrislearn in #​933
• chore(craft-macros): Support generic parameters. by @​andeya in #​934
• fix: Accepting a Browser Initiated WebTransport Session Always Fails by @​chrislearn in #​935
• chore(craft-macros): When self.0 is shadowed, it is convenient to directly call the self.deref() method. by @​andeya in #​936
• chore(craft-macros): Improve the robustness of extracting attributes. by @​andeya in #​937
• chore(craft-macros): Add #[allow(non_camel_case_types)] by @​andeya in #​938
• chore(NamedFile): Skip write content-type if it exists by @​chrislearn in #​939

Full Changelog: salvo-rs/salvo@v0.72.4...v0.73.0

v0.72.4

Compare Source

What's Changed

• Remove name conflict example by @​chrislearn in #​922
• fix: service hoops can not get status code correctly by @​chrislearn in #​925
• Set default status code to 200 after goal executed by @​chrislearn in #​926
• chore(otel): Treat status_code=none as 200(OK) by @​andeya in #​927
• Refactor Path Filter and CombWisp by @​chrislearn in #​928
• Add more try_* fns to Request by @​chrislearn in #​929
• Refactor Path filter and remove useless lifetime by @​chrislearn in #​930
• Fix with_host and add with_port by @​chrislearn in #​931

Full Changelog: salvo-rs/salvo@v0.72.3...v0.72.4

v0.72.3

Compare Source

What's Changed

• feat: Add salvo-craft-macros, solve the issue #​919 by @​andeya in #​920
• Set craft as optional feature by @​chrislearn in #​921

New Contributors

• @​andeya made their first contribution in #​920

Full Changelog: salvo-rs/salvo@v0.72.2...v0.72.3

v0.72.2

Compare Source

What's Changed

• doc: add with-sentry example by @​Vision-Zhang in #​914
• fix: Status Code not set correct when not found by @​chrislearn in #​918

New Contributors

• @​Vision-Zhang made their first contribution in #​914

Full Changelog: salvo-rs/salvo@v0.72.1...v0.72.2

v0.72.1

Compare Source

What's Changed

• chore: Update opentelemetry-* dependencies by @​chrislearn in #​907
• fix: higher-ranked lifetime error regarding config_stream by @​aoiryc in #​909
• chore(deps): update tokio-tungstenite requirement from 0.23 to 0.24 by @​dependabot in #​910
• impl Display and Debug for Text and Json by @​chrislearn in #​912
• security fix: Jump out of the serve dir to access files on server by @​chrislearn in [#​913](https://redirect.github.com/salvo-rs/salvo/

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.