Fastify Release Notes

Notice

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

• chore: npm ignore AI related files by @climba03003 in #6447
• chore: update sponsor url by @Eomm in #6450
• docs: add fastify-http-exceptions to Ecosystem.md by @bhouston in #6442
• docs: fix invalid shorten form schema example by @climba03003 in #6448
• docs: Simplify and tighten decorators example by @smith558 in #6451
• docs: Fix incorrect variable use by @smith558 in #6455
• chore: update sponsor link by @Eomm in #6460
• fix: Fix MIT Licence file to conform to standard by @smith558 in #6464
• docs: move querystringParser option under routerOptions by @inyourtime in #6463
• chore: Updated content-type header parsing by @jsumners in #6414

New Contributors

• @bhouston made their first contribution in #6442

Full Changelog

v5.7.1...v5.7.2

What's Changed

• docs: Improved firebase serverless guide about process remaining stuck by @alexandercerutti in #6380
• docs: update migration guide with date-time breaking change by @craftsman01 in #6110
• chore: remove test file by @Eomm in #6384
• feat: speed up loading with custom compiler by @Eomm in #6383
• docs: replace all instances of twitter.com with x.com by @cseas in #6355
• docs: correct logger option in example by @inyourtime in #6391
• docs: fix links by @Shriti507 in #6394
• chore: skip unnecessary object creation by @Eomm in #6400
• docs: Update JSON Schema link in documentation by @jon23d in #6402
• docs(ecosystem): add fastify-ses-mailer by @KaranHotwani in #6395
• docs: add security note about validation errors in response by @mcollina in #6407
• docs: add security threat model by @mcollina in #6406
• chore: update onboarding and offboarding instructions by @Eomm in #6403
• fix: set status code before publishing diagnostics error channel by @tt-a1i in #6412
• fix: use JSON.stringify in onBadUrl for proper escaping by @mcollina in #6420
• chore: fix type test by @mrazauskas in #6418
• docs: improve Validation-and-Serialization.md by @twentytwo777 in #6423
• test: skip IPv6 test if its support is not present by @LiviaMedeiros in #6428
• test: fix test when localhost has multiple addresses by @LiviaMedeiros in #6427
• docs: add security warning for requestIdHeader by @mcollina in #6425
• docs(ecosystem): add elements-fastify by @rohitsoni007 in #6416
• chore: Bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @dependabot[bot] in #6433
• chore: Bump markdownlint-cli2 from 0.18.1 to 0.20.0 by @dependabot[bot] in #6436
• chore: Bump @types/node from 24.10.4 to 25.0.3 in the dev-dependencies-typescript group by @dependabot[bot] in #6435
• fix(ts): Align routerOptions defaultRoute types with runtime by @AnkanMisra in #6392
• fix(types): require send() payload when Reply type is specified by @tt-a1i in #6432
• fix: ajv options type validation by @gianmarco27 in #6437
• docs: add non-vulnerability examples to threat model by @RafaelGSS in #6431
• feat: implement conditional request logging by @kibertoad in #5732
• docs(sponsor): add serpapi by @Eomm in #6443
• perf: use native WebStream API instead of Readable.fromWeb wrapper by @mcollina in #6444

New Contributors

• @craftsman01 made their first contribution in #6110
• @cseas made their first contribution in #6355
• @Shriti507 made their first contribution in #6394
• @jon23d made their first contribution in #6402
• @KaranHotwani made their first contribution in #6395
• @tt-a1i made their first contribution in #6412
• @mrazauskas made their first contribution in #6418
• @twentytwo777 made their first contribution in #6423
• @rohitsoni007 made their first contribution in #6416
• @AnkanMisra made their first contribution in #6392
• @gianmarco27 made their first contribution in #6437

Full Changelog: v5.6.2...v5.7.0

What's Changed

• refactor: rename source file names with kebab-case by @jean-michelet in #6331
• ci(ci): check dependabot prs originate from repo by @Fdawgs in #6330
• fix: accept htab ows by @jean-michelet in #6303
• fix: handle non FastifyErrors in custom handler properly, set type of error-parameter for setErrorHandler and errorHandler to unknown, but configurable via generic TError by @Uzlopak in #6308
• build(deps-dev): remove @fastify/pre-commit by @Fdawgs in #6319
• ci: improve citgm workflows by @Uzlopak in #6334
• docs: explain stream error handling by @lundibundi in #5746
• fix: error throwing in reply by @juanlet in #6299
• refactor: delegate options processing to a dedicated function by @jean-michelet in #6333
• ci: remove label of citgm only on pull_request.labeled, add options for workflow_dispatch by @Uzlopak in #6335
• chore: Bump actions/checkout from 4 to 5 by @dependabot[bot] in #6343
• chore: Bump joi from 17.13.3 to 18.0.1 by @dependabot[bot] in #6347
• chore: Bump lycheeverse/lychee-action from 2.4.1 to 2.6.1 by @dependabot[bot] in #6345
• chore: Bump actions/dependency-review-action from 4.7.1 to 4.8.0 by @dependabot[bot] in #6344
• chore: Bump actions/labeler from 5 to 6 by @dependabot[bot] in #6341
• chore: Bump actions/setup-node from 4 to 5 by @dependabot[bot] in #6342
• chore: Bump actions/github-script from 7 to 8 by @dependabot[bot] in #6340
• docs: mention that addHttpMethod override existing methods by @jean-michelet in #6350
• chore: remove reference to simple-get by @ilteoood in #6353
• chore: remove commented tests by @ilteoood in #6352
• fix: respect child logger factory in fastify options by @cysp in #6349
• docs(ecosystem): adding attaryz/fastify-devtools to community plugins by @attaryz in #6339
• docs: remove ambiguity from statement by @udohjeremiah in #6360
• chore: add @fastify/sse as fastify core plugin to documentation and citgm by @manshusainishab in #6364
• docs(guides/fluent-schema): replace last nb usage by @Fdawgs in #6365
• style(ci): remove whitespace from concurrency group by @Fdawgs in #6366
• docs: Fix broken link to TypeBox doc website wrt AJV setup by @melroy89 in #6367
• docs(reference/plugins): mention async plugins by @Fdawgs in #6357
• chore: add max-len ESLint rule with 120 character limit by @emicovi in #6221
• chore: Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in #6374
• chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group by @dependabot[bot] in #6378
• chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 by @dependabot[bot] in #6375
• chore: Bump tsd from 0.32.0 to 0.33.0 in the dev-dependencies-typescript group by @dependabot[bot] in #6346
• chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 by @dependabot[bot] in #6377
• fix: handle web stream payload in HEAD route by @orionmiz in #6372
• chore: Bump actions/setup-node from 5 to 6 by @dependabot[bot] in #6376
• chore: Bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in #6379
• fix: parse ipv6 hostname by @jean-michelet in #6373
• fix: consistent error handling for custom validators in async validation contexts by @emicovi in #6247

New Contributors

• @juanlet made their first contribution in #6299
• @cysp made their first contribution in #6349
• @attaryz made their first contribution in #6339
• @udohjeremiah made their first contribution in #6360
• @manshusainishab made their first contribution in #6364
• @orionmiz made their first contribution in #6372

Full Changelog: v5.6.1...v5.6.2

What's Changed

• fix: fix typo of deprecation warning FSTDEP022 by @Uzlopak in #6313
• docs(decorators): fix TypeScript inconsistency by @emicovi in #6224
• chore: fix typos by @deining in #6316
• docs(security): add secondary contact/security escalation policy by @UlisesGascon in #6315
• chore(gha): remove benchmark github workflows by @Eomm in #6322
• chore(sponsor): add lambdatest by @Eomm in #6324
• fix: (types) allow FastifySchemaValidationError[] as an error by @gurgunday in #6326
• fix: correct session.close() context in http2 timeout handler by @David-van-der-Sluijs in #6327
• fix: close http2 sessions on close server by @kostyak127 in #6137

New Contributors

• @deining made their first contribution in #6316
• @UlisesGascon made their first contribution in #6315
• @David-van-der-Sluijs made their first contribution in #6327
• @kostyak127 made their first contribution in #6137

Full Changelog: v5.6.0...v5.6.1

What's Changed

• fix: update typescript pino type to pick by @dancastillo in #6287
• feat(types): router option types by @dancastillo in #6282
• fix(types): Fix use of "esModuleInterop: false" by @joshkel in #6292
• docs: fix typo in Reference: TypeScript.md by @hmanzoni in #6302
• docs: clarify router performance note by @Prasad2604 in #6306

New Contributors

• @joshkel made their first contribution in #6292
• @hmanzoni made their first contribution in #6302
• @Prasad2604 made their first contribution in #6306

Full Changelog: v5.5.0...v5.6.0

What's Changed

• docs: fix markdown linting issue by @Uzlopak in #6175
• chore: removed simple-get from mkcalendar tests by @ilteoood in #6199
• chore: removed simple-get from versioned-routes tests by @ilteoood in #6202
• chore: removed simple-get from hooks tests by @ilteoood in #6210
• fix: close pipelining test by @ilteoood in #6204
• chore: removed simple-get from unlock test by @ilteoood in #6178
• chore: removed simple-get from use-semicolon-delimiter tests by @ilteoood in #6203
• chore: removed simple-get from custom-https-server tests by @ilteoood in #6201
• chore: remove simple-get from custom parser 5 by @ilteoood in #6172
• chore: removed simple-get from head tests by @ilteoood in #6196
• chore: removed simple-get from request id tests by @ilteoood in #6193
• chore: remove simple get from custom parser 1 by @ilteoood in #6167
• chore: removed simple-get from custom-parser-0 by @ilteoood in #6168
• chore: remove simple-get from custom parser 2 by @ilteoood in #6169
• chore: remove simple-get from custom parser 4 by @ilteoood in #6171
• chore: removed simple-get from promises test by @ilteoood in #6183
• chore: removed simple-get from move test by @ilteoood in #6179
• chore: remove simple-get from custom querystring parser by @ilteoood in #6166
• chore: remove simple-get from propfind by @ilteoood in #6174
• chore: removed simple-get from case insensitive test by @ilteoood in #6188
• chore: remove simple get from async-await tests by @ilteoood in #6165
• chore: removed simple-get from header overflow test by @ilteoood in #6190
• chore: removed simple-get from check test by @ilteoood in #6176
• chore: removed simple-get from async hooks test by @ilteoood in #6189
• feat(types): export more schema related types by @marcalexiei in #6207
• chore: removed simple-get from copy tests by @ilteoood in #6198
• chore: removed simple-get from request-error test by @ilteoood in #6184
• chore: removed simple-get from decorator tests by @ilteoood in #6192
• ci: pin third-party actions to commit-hash by @Fdawgs in #6218
• fix: close fastify instance by @ilteoood in #6177
• chore(license): replace date range by @Fdawgs in #6219
• chore: removed simple-get from plugin-1 test by @ilteoood in #6180
• chore: removed simple-get from plugin-2 test by @ilteoood in #6181
• chore: removed simple-get from plugin-3 test by @ilteoood in #6182
• chore: remove simple get from reply test by @ilteoood in #6160
• feat(types): add missing error types by @davidwood in #6217
• docs: setErrorHandler description by @AlvesJorge in #6227
• docs: fix onError hook execution order documentation by @emicovi in #6225
• fix: handle abort signal in fastify.listen by @climba03003 in #6235
• feat: prepare to use Promise.withResolvers by @climba03003 in #6232
• docs: updated SECURITY.md by @Eomm in #6233
• fix(docs): fix markdown to exclude leading parenthesis by @IanWoodard in #6238
• ci: fix thollander/actions-comment-pull-request commit-hash by @Fdawgs in #6244
• docs(routes): add payload to preParsing signature by @callmehiphop in #6240
• docs(ecosystem): add fastify-route-preset plugin by @inyourtime in #6220
• chore: remove simple get from async request, get and register... by @ilteoood in #6246
• docs: improve custom validator documentation for async hooks by @emicovi in #6228
• chore: remove simple get from route shorthand by @ilteoood in #6245
• chore: Bump @stylistic/eslint-plugin from 4.4.1 to 5.1.0 in the dev-dependencies-eslint group by @dependabot[bot] in #6242
• chore: Bump @types/node from 22.15.34 to 24.0.8 in the dev-dependencies-typescript group by @dependabot[bot] in #6243
• chore(tests): remove simple get by @ilteoood in #6249
• chore: finally remove simple get by @ilteoood in #6251
• chore: remove undici from schema-validation.test.js by @Uzlopak in #6252
• test: fix flakyness of close-pipelining-test, upgrade undici to v7 by @Uzlopak in #6256
• fix: account for EPIPE fetch errors in tests by @gurgunday in #6255
• docs: correct parameter name in frameworkErrors handler by @inyourtime in #6257
• docs: fix server page headings level by @golopot in #6258
• fix: add FST_ERR_CTP_INVALID_JSON_BODY by @Uzlopak in #5925
• feat: optimize content type parser by using AsyncResource.bind() by @gurgunday in #6262
• fix: remove unnecessary body length check in contentTypeParser by @gurgunday in #6266
• docs(ecosystem): add fastify-multilingual by @gbrugger in #6268
• chore: fix docs Request.md by @ts0307 in #6270
• chore: Bump typescript from 5.8.3 to 5.9.2 in the dev-dependencies-typescript group by @dependabot[bot] in #6273
• chore: Bump cross-env from 7.0.3 to 10.0.0 by @dependabot[bot] in #6274
• feat(types): enforce reply status code types with type providers by @samchungy in #6250
• feat: move router options to own key by @dancastillo in #5985
• docs: refine CONTRIBUTING.md for better readability by @Dipali127 in #6277
• chore: refactor reply.send and prioritize kReplyIsError by @gurgunday in #6267
• docs(ecosystem): add fastify-permissions plugin by @pckrishnadas88 in #6265
• docs: Add Hey API to ecosystem by @mrlubos in #6280
• fix: OPTIONS Content-Type handling by @gurgunday in #6263

New Contributors

• @marcalexiei made their first contribution in #6207
• @davidwood made their first contribution in #6217
• @AlvesJorge made their first contribution in #6227
• @emicovi made their first contribution in #6225
• @IanWoodard made their first contribution in #6238
• @callmehiphop made their first contribution in #6240
• @golopot made their first contribution in #6258
• @gbrugger made their first contribution in #6268
• @ts0307 made their first contribution in #6270
• @Dipali127 made their first contribution in #6277
• @pckrishnadas88 made their first contribution in #6265
• @mrlubos made their first contribution in #6280

Full Changelog: v5.4.0...v5.5.0

What's Changed

• test: mv routes-* from tap by @jean-michelet in #6092
• test: mv skip-reply-send from tap by @jean-michelet in #6094
• test: mv plugins from tap by @jean-michelet in #6088
• fix(ci): ignore alternative runtime result by @Eomm in #6125
• test: mv schema-* from tap by @jean-michelet in #6093
• test: mv hooks-async from tap by @jean-michelet in #6084
• fix(types): add missing version to request.routeOptions by @inyourtime in #6126
• docs: remove fastify-sentry plugin by @dnlup in #6131
• docs: add community plugins disclaimer by @jean-michelet in #6132
• docs: use cross-platform compatible info emoji by @Fdawgs in #6134
• perf: nits in reply.js by @Cangit in #6136
• docs: join core team by @jean-michelet in #6142
• docs: fix typo in hash.digest function by @piotr-cz in #6145
• test: mv hooks from tap by @jean-michelet in #6087
• test: improve issue 4959 unit test by @Uzlopak in #6147
• chore: Bump markdownlint-cli2 from 0.17.2 to 0.18.1 by @dependabot in #6150
• chore: remove dependencie tap and others updated by @Tony133 in #6148
• fix: hook async flaky by @ilteoood in #6155
• chore: Bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 by @dependabot in #6151
• chore: removing simple-get from allow-unsafe-regex by @ilteoood in #6154
• chore: remove simple get on 404s test file by @ilteoood in #6153
• chore: remove simple-get in handle-request.test.js by @ilteoood in #6159
• chore: remove simple-get from url-rewriting by @ilteoood in #6163
• chore: remove simple-get in report.test.js by @ilteoood in #6157
• chore: remove simple-get from custom parser async by @ilteoood in #6164
• chore: removed simple-get from mkcol tests by @ilteoood in #6194
• chore: removed simple-get from proto-poisoning test by @ilteoood in #6185
• ci: Added Node.js v24 by @mcollina in #6113
• chore: removed simple-get from nullable validation test by @ilteoood in #6191
• feat: configure errorhandler override by @jean-michelet in #6104
• chore: remove simple-get from search test by @ilteoood in #6158
• chore: remove simple get from secure with fallback test by @ilteoood in #6162
• chore: removed simple-get from als test by @ilteoood in #6187
• chore: remove simple-get from listen 4 by @ilteoood in #6173
• fix: do not freeze request.routeOptions by @mcollina in #6141
• chore: removed simple-get from sync-delay-request tests by @ilteoood in #6212
• chore: removed simple-get from output-validation tests by @ilteoood in #6213
• chore: removed simple-get from async-delay-request tests by @ilteoood in #6211
• chore: removed simple-get from body-limit tests by @ilteoood in #6209
• chore: removed simple-get from trust-proxy tests by @ilteoood in #6205
• chore: removed simple-get from proppatch tests by @ilteoood in #6200
• chore(ci): cleanup citgm.yml by @Eomm in #6195
• chore: removed simple-get from https tests by @ilteoood in #6197
• chore: removed simple-get from lock test by @ilteoood in #6186

Full Changelog: v5.3.3...v5.4.0