April 16th, 2026
Breaking Changes:
- 🐛
⚠️ (client) Now files written by the SDK (like credential caches) are created with file
permissions0o600on unix systems. This could break customers who were relying
on the visibility of those files to other users on the system.
New this release:
- 🎉 (client, smithy-rs#4521) Add
sigv4a_signing_region_setclient configuration. Supports programmatic, environment variable (AWS_SIGV4A_SIGNING_REGION_SET), and shared config file (sigv4a_signing_region_set) configuration. User-provided values now take priority over endpoint-resolved values. - 🐛 (client, smithy-rs#4340) Prevent memory leak in identity cache when overriding credentials via
config_override. Eachconfig_overridethat sets a credentials provider now uses an operation-scoped identity cache instead of the shared client-level cache, preventing unbounded partition growth. Additionally, the client-level identity cache now enforces a configurablemax_partitionscap (default: 64) as a safety net. - 🐛 (client, smithy-rs#4596, aws-sdk-rust#1423, @annahay4) Fix
TokenBucket::is_full()andTokenBucket::is_empty()to convert fractional tokens into whole permits before checking availability. Previously, accumulated fractional tokens from success rewards were not accounted for, causing these methods to return incorrect results. - 🐛 (client, smithy-rs#4587) Upgrade
sha2from 0.10.x to 0.11.x. The previous version defaulted to software-based compression instead of hardware-accelerated compression, resulting in lower throughput. The new version automatically detects and uses hardware-accelerated instructions when available. - (client, smithy-rs#4591) Optimize
Encoder::str()andEncoder::blob()by collapsing multiplewrite_allcalls into a single buffer operation. This bypasses minicbor's generic writer to write the CBOR type+length header and payload directly into the underlyingVec<u8>, improving performance on serialization-heavy hot paths. - 🐛 (all, smithy-rs#4572, @jlizen) Re-export
EventStreamSenderfrom generated SDK crates when the service uses event streams, so users do not need a direct dependency onaws-smithy-httpto construct event stream responses. - 🐛 (client, smithy-rs#4599) Fix waiter codegen failure when JMESPath
&&or||expressions have non-boolean operands (e.g., a list field used as a truthiness check). Non-boolean types are now coerced to booleans using JMESPath truthiness rules: arrays and strings check!is_empty(), all other non-null types are truthy. - 🐛 (client, smithy-rs#4431, @jlizen) Add missing
EventOrInitial,EventOrInitialMarshaller, andEventStreamSender::into_innertoaws-smithy-legacy-httpevent_stream module, fixing compilation failures in generated SDKs that reference these types.
Contributors
Thank you for your contributions! ❤