Recent changes
⚠️ Security Release This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963. What's Changed chore: Fix port parsing by @jsumners in #6603 chore: upgrade to typescript v6.0.2 by @Tony133 in #6605 fix: restore trustProxy function for number and st…
Full Changelog: v5.8.3...v5.8.4
⚠️ Security Release This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf. What's Changed docs(readme): add @Tony133 to plugin team by @Tony133 in #6565 Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to sho…
What's Changed docs(ecosystem): add @yeliex/fastify-problem-details by @yeliex in #6546 Revert "chore: upgrade borp to v1.0.0" by @climba03003 in #6564 docs: document body validation with custom content type parsers by @mcollina in #6556 d…
⚠️ Security Release Fixes "Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation": GHSA-573f-x89g-hqp9. CVE-2026-3419 Full Changelog: v5.8.0...v5.8.1
What's Changed docs(request): add host security warning references by @mcollina in #6476 docs: fix note style by @Fdawgs in #6487 chore: rename deploy website ci by @Eomm in #6492 chore: support pino v9 and v10 by @mcollina in #6496 chore:…
Full Changelog: v5.7.3...v5.7.4
⚠️ Security Release Fix GHSA-mrq3-vjjr-p77c CVE-2026-25224. What's Changed docs: update Reply.send() documentation for string serialization by @mcollina in #6466 chore: ignore agents config files by @mcollina in #6474 docs: update vulnerab…
⚠️ Notice ⚠️ Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted. What's Changed chore: npm ignore AI related files by @climba030…
What's Changed chore: Bump actions/checkout from 5 to 6 by @dependabot[bot] in #6434 chore: updated version in the fastify.js by @Tony133 in #6446 Full Changelog: v5.7.0...v5.7.1
