Bump the gradle-deps group with 9 updates

[dependabot]

Bumps the gradle-deps group with 9 updates:

Package	From	To
org.jetbrains.kotlinx:kotlinx-serialization-core	1.9.0	1.10.0
org.jetbrains.kotlinx:kotlinx-serialization-json	1.9.0	1.10.0
gradle-wrapper	9.0.0	9.3.0
ch.qos.logback:logback-classic	1.5.25	1.5.26
org.assertj:assertj-core	3.27.6	3.27.7
io.ktor:ktor-server-core	3.3.3	3.4.0
io.ktor:ktor-server-netty	3.3.3	3.4.0
io.ktor:ktor-server-status-pages	3.3.3	3.4.0
io.ktor:ktor-server-html-builder	3.3.3	3.4.0

Updates org.jetbrains.kotlinx:kotlinx-serialization-core from 1.9.0 to 1.10.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-core's releases.

1.10.0

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201).

Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105).

If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

• Add .serialName to MissingFieldException for clearer diagnostics. (#3114)
• Generate unique Automatic-Module-Name entries for metadata JARs. (#3109)
• Revised ProGuard rules and added R8 tests. (#3041)
• CBOR: Improved error message when a byte string/array type mismatch is encountered. (#3052)

Bugfixes

... (truncated)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-core's changelog.

1.10.0 / 2026-01-21

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201). Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105). If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

... (truncated)

Commits

• 370c4e3 Prepare 1.10.0 release (#3142)
• eaa4b0b Merge remote-tracking branch 'origin/master' into dev
• 0311f16 Fix ProtoBuf packing for kotlin unsigned types (#3079)
• a19df8c Add a disclaimer to "Other community-supported formats" section and slightly ...
• 2f8a874 Add JSON5 to community-supported formats (#3134)
• 975af2c Actualize releasing process document
• e8be81f Prepare 1.10.0-RC release
• e334d1c [CBOR] Fix various bugs in the decoder implementation
• d7ca108 Merge remote-tracking branch 'origin/master' into dev
• a5a3c97 IR inliner: Enable intra-module mode for kotlinx.serialization (#3128)
• Additional commits viewable in compare view

Updates org.jetbrains.kotlinx:kotlinx-serialization-json from 1.9.0 to 1.10.0

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's releases.

1.10.0

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201).

Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105).

If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

• Add .serialName to MissingFieldException for clearer diagnostics. (#3114)
• Generate unique Automatic-Module-Name entries for metadata JARs. (#3109)
• Revised ProGuard rules and added R8 tests. (#3041)
• CBOR: Improved error message when a byte string/array type mismatch is encountered. (#3052)

Bugfixes

... (truncated)

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-serialization-json's changelog.

1.10.0 / 2026-01-21

This release is based on Kotlin 2.3.0 and contains all of the changes from 1.10.0-RC. The only additional change is a fix for ProtoBuf packing of Kotlin unsigned types (#3079). Big thanks to KosmX for contributing the fix.

For your convenience, the changelog for 1.10.0-RC is duplicated below:

Stabilization of APIs

kotlinx-serialization 1.10 and subsequent releases will be focused on stabilization of existing APIs. The following APIs and configuration options are no longer experimental because they're widely used without any known major issues:

• Json configuration options: decodeEnumsCaseInsensitive, allowTrailingComma, allowComments, and prettyPrintIndent. (#3100)
• @EncodeDefault annotation and its modes. (#3106)
• JsonUnquotedLiteral constructor function (#2900)
• JsonPrimitive constructor function overloads that accept unsigned types. (#3117)
• JSON DSL functions on JsonElement with Nothing? overloads. (#3117)

Readiness for return value checker

Kotlin 2.3.0 introduces a new feature aimed at helping you to catch bugs related to the accidentally ignored return value of the function. kotlinx-serialization 1.10.0-RC code is fully marked for this feature, meaning that you can get warnings for unused function calls like Json.encodeToString(...). To get the warnings, the feature has to be enabled in your project as described here.

Polymorphism improvements

Polymorphic serialization received a couple of improvements in this release:

New subclassesOfSealed utility to automatically register sealed subclasses serializers in polymorphic modules (#2201). Use it in your SerializersModule when configuring a polymorphic hierarchy which contains both abstract and sealed classes. For example, when root of your hierarchy is an interface, but most of your inheritors are sealed classes. The new function will register all known sealed subclasses for you, so you don’t need to list them one by one. This makes writing your SerializerModules much faster and simpler. Big thanks to Paul de Vrieze for contributing this feature.

Class discriminator conflict check rework (#3105). If a payload already contains a property with the same name as the configured discriminator (for example, type), it is called a class discriminator conflict. To produce a correct output and allow more inputs to be deserialized at the same time, the following changes were made:

• Conflicts introduced by JsonNamingStrategy transformations are now detected during serialization as well and will cause SerializationException. It also affects non-polymorphic classes.
• Conflicts from ClassDisciminatorMode.ALL_JSON_OBJECTS and SerializersModuleBuilder.polymorphicDefaultSerializer are also detected.
• It is allowed to deserialize such a conflicting key for both sealed and open polymorphic hierarchies. Previously, it was possible in the sealed hierarchies alone due to missing assertion. See #1664 for details.

General improvements

... (truncated)

Commits

• 370c4e3 Prepare 1.10.0 release (#3142)
• eaa4b0b Merge remote-tracking branch 'origin/master' into dev
• 0311f16 Fix ProtoBuf packing for kotlin unsigned types (#3079)
• a19df8c Add a disclaimer to "Other community-supported formats" section and slightly ...
• 2f8a874 Add JSON5 to community-supported formats (#3134)
• 975af2c Actualize releasing process document
• e8be81f Prepare 1.10.0-RC release
• e334d1c [CBOR] Fix various bugs in the decoder implementation
• d7ca108 Merge remote-tracking branch 'origin/master' into dev
• a5a3c97 IR inliner: Enable intra-module mode for kotlinx.serialization (#3128)
• Additional commits viewable in compare view

Updates gradle-wrapper from 9.0.0 to 9.3.0

Updates ch.qos.logback:logback-classic from 1.5.25 to 1.5.26

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.26

2026-01-25 Release of logback version 1.5.26

• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in issues/1003 by Marius Hanl who also provided the relevant PR.

• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in issues/1002 by Christoph Gritschenberger.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 33deb54 prepare release 1.5.26
• d38a3e2 refactoring based on usage in logback-access
• 4368333 move VersionUtil.getCoreVersionBySelfDeclaredProperties to CoreVersionUtil
• 8bd5660 modify VersionCheckTest to use logback-core 1.5.25
• 7a8f0b6 version information is self declared by modules.
• 00d272f Do not use javax.naming namespace in the catch block, so that Logback can be ...
• 420d67c mention country only, add missing 2016-03-29
• 033aba4 fix javadoc errors
• 6d52744 start work on 1.5.26-SNAPSHOT
• See full diff in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-core from 3.3.3 to 3.4.0

Release notes

Sourced from io.ktor:ktor-server-core's releases.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse interfaces for logging selectors
• KTOR-6766 Deprecate Apache 4 engine
• KTOR-8642 Excessive memory allocations while writing bytes into write channel of TCP/IP socket
• KTOR-9137 ByteReadChannel.readUTF8Line is inefficient for long lines
• KTOR-8657 Remove kotlinx-datetime from ktor-server-default-headers dependencies
• KTOR-8941 Add override DI conflict policy

Bugfixes

... (truncated)

Changelog

Sourced from io.ktor:ktor-server-core's changelog.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse interfaces for logging selectors
• KTOR-6766 Deprecate Apache 4 engine
• KTOR-8642 Excessive memory allocations while writing bytes into write channel of TCP/IP socket
• KTOR-9137 ByteReadChannel.readUTF8Line is inefficient for long lines
• KTOR-8657 Remove kotlinx-datetime from ktor-server-default-headers dependencies
• KTOR-8941 Add override DI conflict policy

Bugfixes

... (truncated)

Commits

• bf25bb9 Release 3.4.0 (#5325)
• 1178f8a Update "Report a problem" links (#5322)
• f99d0af KTOR-9258 Add headers member function to DefaultRequestBuilder to prevent sil...
• 7452420 Yaml config. Resolve references only once. (#5320)
• 3798824 WebSockets. Added frame queues backpressure configuration. (#5274)
• 761eeac KTOR-9235: Ignore exceptions when parsing cookie expires date (#5288)
• b8817e5 KTOR-9210 Migrate Zstd into standalone module (#5318)
• f5e2864 Merge pull request #5316 from ktorio/zibet27/fix-auth-binary-compatibility
• cbcdc39 Auth. Fix binary compatibility.
• 95a7734 Fix RETURN_IN_FUNCTION_WITH_EXPRESSION_BODY_AND_IMPLICIT_TYPE
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-netty from 3.3.3 to 3.4.0

Release notes

Sourced from io.ktor:ktor-server-netty's releases.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse interfaces for logging selectors
• KTOR-6766 Deprecate Apache 4 engine
• KTOR-8642 Excessive memory allocations while writing bytes into write channel of TCP/IP socket
• KTOR-9137 ByteReadChannel.readUTF8Line is inefficient for long lines
• KTOR-8657 Remove kotlinx-datetime from ktor-server-default-headers dependencies
• KTOR-8941 Add override DI conflict policy

Bugfixes

... (truncated)

Changelog

Sourced from io.ktor:ktor-server-netty's changelog.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse interfaces for logging selectors
• KTOR-6766 Deprecate Apache 4 engine
• KTOR-8642 Excessive memory allocations while writing bytes into write channel of TCP/IP socket
• KTOR-9137 ByteReadChannel.readUTF8Line is inefficient for long lines
• KTOR-8657 Remove kotlinx-datetime from ktor-server-default-headers dependencies
• KTOR-8941 Add override DI conflict policy

Bugfixes

... (truncated)

Commits

• bf25bb9 Release 3.4.0 (#5325)
• 1178f8a Update "Report a problem" links (#5322)
• f99d0af KTOR-9258 Add headers member function to DefaultRequestBuilder to prevent sil...
• 7452420 Yaml config. Resolve references only once. (#5320)
• 3798824 WebSockets. Added frame queues backpressure configuration. (#5274)
• 761eeac KTOR-9235: Ignore exceptions when parsing cookie expires date (#5288)
• b8817e5 KTOR-9210 Migrate Zstd into standalone module (#5318)
• f5e2864 Merge pull request #5316 from ktorio/zibet27/fix-auth-binary-compatibility
• cbcdc39 Auth. Fix binary compatibility.
• 95a7734 Fix RETURN_IN_FUNCTION_WITH_EXPRESSION_BODY_AND_IMPLICIT_TYPE
• Additional commits viewable in compare view

Updates io.ktor:ktor-server-status-pages from 3.3.3 to 3.4.0

Release notes

Sourced from io.ktor:ktor-server-status-pages's releases.

3.4.0

Published 22 January 2026

Features

• KTOR-8316 Support OpenAPI specification for the Ktor Client and Server Application
  • KTOR-9085 Read OpenAPI security details from authentication plugin
  • KTOR-8993 Use runtime-generated spec for OpenAPI / Swagger plugins
  • KTOR-9086 Read OpenAPI default content type information from ContentNegotiation plugin
  • KTOR-8859 Routing documentation compiler plugin
  • KTOR-8936 Routing documentation runtime API
  • KTOR-9087 Generate JSON schema for type references when using Jackson and Gson
• KTOR-7075 Zstd support
• KTOR-9209 Support Jackson 3
• KTOR-9198 Auth/Bearer: Make BearerAuthProvider detect disguised Bearer scheme
• KTOR-8927 Support for respondResource
• KTOR-9162 Auth API key plugin
• KTOR-7882 Support HTTP QUERY method
• KTOR-8195 Partial HTML response
• KTOR-8985 EngineMain: Support reading trust store settings from the configuration
• KTOR-9066 Add duplex streaming for OkHttpClient
• KTOR-8180 Auth: Provide control over tokens to user code
• KTOR-8273 iOS native interop for WebRTC client
• KTOR-8956 DI: Allow file configuration
• KTOR-9157 Support SIGINT on web and SIGTERM on Native

Improvements

• KTOR-8890 Rename target jsAndWasmShared to web
• KTOR-9242 Upgrade to Kotlin 2.3
• KTOR-9243 Update libcurl to 8.18.0
• KTOR-9014 Deprecate DarwinLegacy engine
• KTOR-8931 Test iOS target of the WebRTC Client in Ktor-Chat
• KTOR-9199 Make HttpHeaders strings const
• KTOR-9208 Expose plusIsSpace in parseUrlEncodedParameters
• KTOR-2404 Ktor Oauth2 feature sends 401 response when the client secret is invalid
• KTOR-9097 Java: Use HTTP/2 by default
• KTOR-8740 HTMX: Missing DSL for some attributes
• KTOR-9171 Redesign ByteReadChannel.readUTF8Line API
• KTOR-4219 Make readUTF8LineTo return number of read symbols instead of boolean
• KTOR-6761 Apache5: Simplify configuration of ConnectionManager
• KTOR-9037 Multipart/form-data: Make formData's block inline
• KTOR-9126 Missing function ByteReadChannel.readTo(sink: RawSink, byteCount: Long)
• KTOR-9026 Introduce/reuse ...

  Description has been truncated

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud