Releases: smithy-lang/smithy-rs
Release list
July 14th, 2026
New this release:
-
🎉 (server, @lauzadis) Support enum-typed members in server event stream unions. Previously, the server codegen rejected any model with an
enum-trait shape reachable through an event stream, flagging it as an unsupported constraint. Theenumtrait is now excluded from that check, and the generated code is updated so it actually compiles and behaves correctly: event stream members skip theMaybeConstrained/builder unconstrained-type wrapping, and the generated unmarshaller callsbuild()on the parsed payload so a constraint violation surfaces as an unmarshalling error. Related: smithy-lang/smithy#1388. -
🎉 (server, @lauzadis) Add a
codegen.allowMissingUnionVariantconfiguration (boolean, defaultfalse). Whentrue, a union JSON body whose object did not set any recognized variant (e.g.{}or{"unknownKey": ...}) parses toOk(None)rather than returning a deserialization error. Opt in only for services that have shipped clients depending on the lenient behavior. Client codegen is unaffected. -
🎉 (client, aws-sdk-rust#146) Add support for third-party libraries to self-identify in the SDK user agent via framework metadata, addressing the long-standing request to customize the user agent (aws-sdk-rust#146).
A new public
FrameworkMetadatatype (re-exported asaws_config::FrameworkMetadataand on each client'sconfigmodule) can be set on the client config builder, onSdkConfig, and viaaws_config::ConfigLoader::framework_metadata:let config = aws_config::from_env() .framework_metadata(FrameworkMetadata::new("some-framework", Some("1.0"))?) .load() .await;
Framework metadata is additive — multiple libraries (and the application) can each self-identify without clobbering one another. The name/version are validated against the same charset as
AppName(rejecting, not sanitizing, invalid characters to prevent header injection). TheUserAgentInterceptorde-duplicates entries on(name, version)preserving first-seen order, caps the total at 10 unique entries, and renders each aslib/{name}/{version}in thex-amz-user-agentheader. -
🐛 (all, smithy-rs#4435) Gate event-stream
try_recv_initialto RPC protocols (awsJson,awsQuery,rpcv2Cbor) on both the client fluent builder and the server protocol generator. Previously, all event-stream operations performed an unconditionaltry_recv_initial, which can hang indefinitely on REST-bound operations whose streams take a long time to produce their first event. This change is a stopgap; the planned permanent fix tracked in #4435 will instead surface initial messages only when explicitly requested.
Contributors
Thank you for your contributions! ❤
July 7th, 2026
Breaking Changes:
⚠️ (all, smithy-rs#4692) Upgrade MSRV to Rust 1.94.1.
New this release:
- 🎉 (client, smithy-rs#4726, @mark-creamer-amazon) Add
keys()JMESPath function support for union shapes in waiter matchers. This enables waiters to match on the active variant of a union usingkeys(unionField)with theallStringEqualsoranyStringEqualscomparators. - 🐛 (server, @lauzadis) Soften the server codegen's handling of unknown
codegenconfiguration keys: log a warning instead of throwingIllegalArgumentException. This makes server codegen forward-compatible withsmithy-build.jsonfiles that carry keys recognized by other tools or by future server codegen versions, matching the lenient behavior already used for client codegen settings. - 🐛 (all, aws-sdk-rust#1433, aws-sdk-rust#1418, @iconara) Update the
User-Agentheader to contain the same information as thex-amz-user-agentheader (includingAppName, environment metadata, business metrics, etc.) - 🐛 (all, smithy-rs#4729) Fix codegen emitting integer literals for f64/f32 non-zero default value comparisons in serializers. When a Smithy model specifies a non-zero
@defaulton a Double or Float member using a JSON integer (e.g.,1instead of1.0), the generated "skip if default" check producedif value != 1which fails to compile in Rust. The fix appends_f64/_f32type suffixes to the rendered default value.
Contributors
Thank you for your contributions! ❤
June 11th, 2026
New this release:
- 🎉 (all, smithy-rs#4473, @ethoman) Add CBOR encoding and decoding support for
BigIntegerusing CBOR tags 2 (positive bignum) and 3 (negative bignum) as specified by RFC 8949 §3.4.3 and the Smithy RPC v2 CBOR protocol. Values that fit in CBOR major types 0 or 1 use preferred serialization (plain integers) instead of bignum tags.
Contributors
Thank you for your contributions! ❤
June 1st, 2026
New this release:
-
🎉 (all, @dnorred) Implement
serde::Serializerandserde::Deserializertraits foraws_smithy_types::Document, allowing it to be used as a self-describing data format. This enables converting anySerializetype into aDocumentviato_document()and deserializing aDocumentinto anyDeserializetype viafrom_document(). -
🎉 (server, smithy-rs#4640) Add
requestBodyMaxBytescodegen setting to limit the size of non-streaming request bodies buffered into memory. When set, requests exceeding the limit are rejected with a 400 response before additional data is read. This prevents memory-exhaustion denial-of-service attacks via unboundedTransfer-Encoding: chunkedbodies. The default is0(no limit) for backwards compatibility. Streaming operations are unaffected.To enable, add to your
smithy-build.json:{ "codegen": { "requestBodyMaxBytes": 2097152 } } -
🎉 (server, smithy-rs#4669, @amodam-user) Server-generated Rust enums for named Smithy
@enumshapes now additionally deriveCopy. Server enums are closed (noUnknown(...)fallback) and contain only unit variants, so they are universallyCopy-eligible. Unnamed@enumstring shapes are unaffected because they generate aStringnewtype that cannot beCopy. -
🎉 (client, smithy-rs#4662, @jcdyer) # Add
tls::rustls::CryptoMode::Custom(rustls::crypto::CryptoProvider)to allow custom TLS handlingThis enables custom tls handling through the mechanisms enabled by rustls, including support for custom
providers likerustls-openssl. -
🐛 (client) Improve the
Debugoutput of HTTPHeadersandRequestinaws-smithy-runtime-apito redact values of headers commonly used to carry sensitive data. The header name remains visible and the value is replaced with a placeholder that includes the original byte length to preserve diagnostic utility. Theaws-sigv4signer applies the same redaction when logging the canonical request. The plainDisplayimpl onCanonicalRequestis unchanged to preserve the raw canonical form used by downstream consumers. -
🐛 (client) Fix paginator codegen for operations whose
@paginatedoutputTokentargets a@requiredmember. Previously, the generatedsrc/lens.rsborrowing accessor emitted a direct field access (input.field) instead of a reference (&input.field) for required members, causing a type mismatch (Option<&String>vsString). -
🐛 (client, @PeterUlb) Fix
ConnectorBuilder::default()to enableTCP_NODELAYby default. Previously, the auto-derivedDefaultimpl leftenable_tcp_nodelayatfalse, while the curatedConnector::builder()initialized it totrue. TheDefaultimpl onConnectorBuilderis now hand-written to matchConnector::builder(), so all construction paths, including the SDK'sdefault_https_client, getenable_tcp_nodelay = trueconsistently. WithoutTCP_NODELAY, Nagle's algorithm can hold small writes in the kernel waiting for ACKs; on request shapes emitted as multiple small sub-MSS writes, such as the tested HTTP/2 small-body SDK path where HEADERS and DATA are flushed separately, this can add roughly one RTT plus delayed-ACK time. Callers who relied on the previous unintendedenable_tcp_nodelay = falsedefault ofConnectorBuilder::default()can restore that behavior with.enable_tcp_nodelay(false).
Contributors
Thank you for your contributions! ❤
May 19th, 2026
New this release:
- 🐛 (client, smithy-rs#4632) Fix adaptive retry rate limiter to never allow negative token bucket capacity. Previously,
acquire_permission_to_send_a_requestunconditionally deducted the request cost even when returning a delay, causing capacity to go negative. With multiple concurrent tasks, this produced cascading sleep times proportional to the number of tasks (e.g., task 50 sleeping 100s), leading to near-zero request rates that never recovered after a throttling event. Now, capacity is only deducted when a token is actually granted, and the orchestrator re-acquires after sleeping to account for concurrent state changes. - 🐛 (server, smithy-rs#4634, @jlizen) Strip trailing whitespace from generated Rust code. Smithy's
AbstractCodeWriteradds indentation to blank lines, producing whitespace-only lines that causecargo fmtto fail witherror[internal]: left behind trailing whitespace. - (client, @lnj) Optimized BDD endpoint resolution performance by replacing HashMap-based auth schemes with a typed
EndpointAuthSchemestruct, inlining the BDD evaluation loop, and adding a single-entry endpoint cache. The BDD resolver is now up to 49% faster than the original implementation and outperforms the tree-based resolver on most benchmarks. - 🐛 (client, smithy-rs#4614, @lnj) Fix
ProfileFileCredentialsProviderso that profile-leveluse_fips_endpointanduse_dualstack_endpointsettings are propagated to the internal STS client used during assume-role credential chaining. Previously these settings were only applied when the provider was built throughaws_config::ConfigLoader::load, so users constructingProfileFileCredentialsProviderdirectly via its builder would see STS requests go to non-FIPS / non-dual-stack endpoints even when the selected profile enabled them.
Contributors
Thank you for your contributions! ❤
April 16th, 2026
Breaking Changes:
- 🐛
⚠️ (client) Now files written by the SDK (like credential caches) are created with file
permissions0o600on unix systems. This could break customers who were relying
on the visibility of those files to other users on the system.
New this release:
- 🎉 (client, smithy-rs#4521) Add
sigv4a_signing_region_setclient configuration. Supports programmatic, environment variable (AWS_SIGV4A_SIGNING_REGION_SET), and shared config file (sigv4a_signing_region_set) configuration. User-provided values now take priority over endpoint-resolved values. - 🐛 (client, smithy-rs#4340) Prevent memory leak in identity cache when overriding credentials via
config_override. Eachconfig_overridethat sets a credentials provider now uses an operation-scoped identity cache instead of the shared client-level cache, preventing unbounded partition growth. Additionally, the client-level identity cache now enforces a configurablemax_partitionscap (default: 64) as a safety net. - 🐛 (client, smithy-rs#4596, aws-sdk-rust#1423, @annahay4) Fix
TokenBucket::is_full()andTokenBucket::is_empty()to convert fractional tokens into whole permits before checking availability. Previously, accumulated fractional tokens from success rewards were not accounted for, causing these methods to return incorrect results. - 🐛 (client, smithy-rs#4587) Upgrade
sha2from 0.10.x to 0.11.x. The previous version defaulted to software-based compression instead of hardware-accelerated compression, resulting in lower throughput. The new version automatically detects and uses hardware-accelerated instructions when available. - (client, smithy-rs#4591) Optimize
Encoder::str()andEncoder::blob()by collapsing multiplewrite_allcalls into a single buffer operation. This bypasses minicbor's generic writer to write the CBOR type+length header and payload directly into the underlyingVec<u8>, improving performance on serialization-heavy hot paths. - 🐛 (all, smithy-rs#4572, @jlizen) Re-export
EventStreamSenderfrom generated SDK crates when the service uses event streams, so users do not need a direct dependency onaws-smithy-httpto construct event stream responses. - 🐛 (client, smithy-rs#4599) Fix waiter codegen failure when JMESPath
&&or||expressions have non-boolean operands (e.g., a list field used as a truthiness check). Non-boolean types are now coerced to booleans using JMESPath truthiness rules: arrays and strings check!is_empty(), all other non-null types are truthy. - 🐛 (client, smithy-rs#4431, @jlizen) Add missing
EventOrInitial,EventOrInitialMarshaller, andEventStreamSender::into_innertoaws-smithy-legacy-httpevent_stream module, fixing compilation failures in generated SDKs that reference these types.
Contributors
Thank you for your contributions! ❤
March 16th, 2026
New this release:
- 🐛 (client) Fix null value handling in dense collections: SDK now correctly rejects null values in non-sparse collections instead of silently dropping them.
March 2nd, 2026
New this release:
- 🐛 (client, smithy-rs#4429) Fix bug where initial-request messages in event stream operations are not signed.
February 16th, 2026
New this release:
- 🎉 (server, smithy-rs#4494) Automatically add
smithy.framework#ValidationExceptionto operations with constrained inputs. Previously, users had to either setaddValidationExceptionToConstrainedOperations: truein codegen settings or manually addValidationExceptionto each operation. Now this happens automatically unless a custom validation exception (a structure with the@validationExceptiontrait) is defined in the model. When using a custom validation exception, users must explicitly add it to each applicable operation. TheaddValidationExceptionToConstrainedOperationsflag is deprecated.
February 10th, 2026
Breaking Changes:
⚠️ (all) Upgrade MSRV to Rust 1.91.0.