canary

This is a "canary" release of the most recent commits on our main branch. Canary is not stable.
It is only intended for developers wishing to try out the latest features in Spin, some of which may not be fully implemented.

v3.4.1

This is a patch release to pull in Wasmtime v36.0.2 which fixes an OOM panic.

Verifying the Release Signature

After downloading the v3.4.1 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/spinframework/spin/.github/workflows/release.yml@refs/tags/v3.4.1 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha 3ab5404bcb573ba1ea2e1c366e2ff63a90d307b2 \
    --certificate-github-workflow-repository spinframework/spin \
    spin

If the verification passed, you should see:

Verified OK

What's Changed

• [Backport v3.4] Update to Wasmtime 36.0.2 by @fibonacci1729 in #3253
• Bump version for patch release by @fibonacci1729 in #3254

Full Changelog: v3.4.0...v3.4.1

v3.4.0

Spin 3.4 is here with some great quality-of-life enhancements! You can now make outgoing HTTP/2 requests, opening the door to faster APIs and gRPC backends with no extra setup. Postgres got a big boost too: connections are now pooled automatically for better performance under load, and you can use more data types like UUID, JSONB, ranges, arrays, decimals, and INTERVAL. On top of that, Spin templates now include a schema directive in spin.toml, so you’ll get instant validation and code completion right in your editor when scaffolding new applications!

As always, thanks to contributors old and new for helping improve Spin on a daily basis! Special thanks to new contributors @seun-ja and @gdamjan, welcome to the project!

Verifying the Release Signature

After downloading the v3.4.0 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/spinframework/spin/.github/workflows/release.yml@refs/tags/v3.4.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha 4f671bea25f17dea6d9e494bc918469043a75366 \
    --certificate-github-workflow-repository spinframework/spin \
    spin

If the verification passed, you should see:

Verified OK

What's Changed

• Bump version for next anticipated release by @fibonacci1729 in #3157
• fix: enable compiling when unsafe-aot-compilation feat enabled by @kate-goldenring in #3159
• Move outbound networking config to new crate by @rylev in #3167
• Move router to its own separate crate by @rylev in #3169
• Update wasm-pkg-common so we can build some crates for wasm target by @rylev in #3171
• Update to Wasmtime 34.0.0 by @alexcrichton in #3172
• Don't mark outbound http spans as errors. by @rylev in #3158
• Clippy 1.88 fixes by @itowlson in #3178
• Selective error spans in variables and key-value by @rylev in #3176
• Warn if spin deploy rather than spin cloud deploy by @itowlson in #3173
• The, er, rest of the Clippy 1.88 lints by @itowlson in #3181
• Fuller and more explicit docs in manifest schema by @itowlson in #3179
• fix(templates/http-go): enable GC on builds by @adamreese in #3131
• Enable HTTP2 for outgoing requests by @fibonacci1729 in #3174
• chore: dedup send_request_handler by @fibonacci1729 in #3184
• Bump rustc version to 1.86.0 in CI by @fibonacci1729 in #3187
• Fix spin-factor-outbound-http tests by @lann in #3190
• Refactor configuration env vars for pooling by @alexcrichton in #3191
• adding custom port in cli opt-in by @seun-ja in #3182
• outbound-http: Remove host header with http2 by @lann in #3194
• Pin Zig CI to the version against which the template was written by @itowlson in #3195
• isolate and handle unix error by @seun-ja in #3192
• ref(templates/go): use spinframework import path by @adamreese in #3116
• fix(templates/http-go): fix go.mod in go templates by @adamreese in #3198
• Initialise git repo in new app by @itowlson in #3197
• Remove WASI P1 compatibility check tooling by @itowlson in #3200
• Smoke test local templates as well as remote ones by @itowlson in #3199
• cargo: update onig and onig_sys by @gdamjan in #3204
• Ensure valid wasms when publishing app by @fibonacci1729 in #3206
• chore(crates/core): fix typo by @vdice in #3209
• Upgrade wasmtime to v35.0.0 by @fibonacci1729 in #3186
• added flag for clearing log files at restart by @seun-ja in #3203
• Pool Postgres connections by @itowlson in #3043
• Add schema directive to template manifests by @itowlson in #3180
• Factor out variable azure/vault providers into separate crates by @fibonacci1729 in #3215
• Allow providing static variables via the cli by @fibonacci1729 in #3216
• Allow optional description for manifest variables by @fibonacci1729 in #3219
• expressions: Fix Display for Template escaping by @lann in #3223
• outbound-networking refactoring by @lann in #3168
• PostgreSQL UUID and JSONB support by @itowlson in #3175
• Link language SDKs in the readme by @itowlson in #3225
• Validate allowed_outbound_hosts template with defaults by @lann in #3224
• enable connection pooling and reuse for outbound wasi-http by @dicej in #3229
• fix compiler warnings in nightly by @bacongobbler in #3208
• Appease clippy 0.1.89 by @lann in #3232
• Rev conformance-tests back to official by @itowlson in #3236
• enables incoming http2 stream by @seun-ja in #3227
• selects only id when checking existence of data by @seun-ja in #3233
• move the nginx HTTP2 bug workaround by @dicej in #3239
• share WASI outbound HTTP connection pool across instances by @dicej in #3240
• Validate target environments by @itowlson in #2806
• Update to Wasmtime 36.0.1 by @alexcrichton in #3237
• Bump versions for v3.4 release by @fibonacci1729 in #3243

New Contributors

• @seun-ja made their first contribution in #3182
• @gdamjan made their first contribution in #3204

Full Changelog: v3.3.1...v3.4.0

v3.3.1

What's Changed

• [Backport v3.3] fix: enable compiling when unsafe-aot-compilation feat enabled by @fibonacci1729 in #3160
• Bump version for 3.3.1 release by @fibonacci1729 in #3162

Full Changelog: v3.3.0...v3.3.1

v3.3.0

Verifying the Release Signature

After downloading the v3.3.0 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/spinframework/spin/.github/workflows/release.yml@refs/tags/v3.3.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha 9dadd8c4bf347e5703f9488a7ec7eb4239cd083c \
    --certificate-github-workflow-repository spinframework/spin \
    spin

If the verification passed, you should see:

Verified OK

What's Changed

• Bump version for next release by @fibonacci1729 in #3057
• Update wasm-tools dependencies to 0.227.* by @alexcrichton in #3058
• Clippies for Rust 1.85 by @itowlson in #3059
• app: Use an Arc for App::id by @lann in #3064
• Update otel dependencies by @rylev in #3062
• Optimize per-request work dispatching to wasm by @alexcrichton in #3063
• Allow external configuration of "keep resident" options by @alexcrichton in #3065
• Fixes a 1.85 clippy in examples by @itowlson in #3066
• docs(README): slack channel updates by @vdice in #3071
• Update release notes template to reflect new docs site by @fibonacci1729 in #3069
• Update contributing link to point to spinframework.dev by @kate-goldenring in #3076
• ci(.github): bump ubuntu runners to 22.04 by @vdice in #3074
• docs(release-process): org, slack and other updates by @vdice in #3072
• Update readme after move to spinframework org by @fibonacci1729 in #3070
• chore(*): spinframework.dev docs URL updates by @vdice in #3080
• chore(docs): remove triage-guide.md by @vdice in #3081
• Add OpenSSF best practices badge by @kate-goldenring in #3079
• chore(*): more spinframework org/url updates by @vdice in #3078
• chore: add SECURITY.md file by @kate-goldenring in #3084
• Generate CLI reference by @itowlson in #3083
• chore: update SECURITY.md with supported versions section by @kate-goldenring in #3085
• Fix cache warning in GH actions by @itowlson in #3089
• Update dependencies that are broken on rustc v1.86 by @rylev in #3096
• Fix spin new list offset error in the presence of add-only templates by @itowlson in #3101
• Do less allocation when building routes. by @rylev in #3100
• Run cargo update on timer example by @rylev in #3103
• Fix the failing integration tests by @itowlson in #3114
• Less allocations in router by @rylev in #3107
• Update wasmtime/wasm-tools dependencies by @alexcrichton in #3119
• Update dependencies by @rylev in #3097
• chore(governance): propose adding spin-deps-plugin by @vdice in #3121
• chore(governance): propose adding spin-redirect by @vdice in #3120
• Support Liquid partials in templates by @itowlson in #3111
• SQLite affected row count and last_insert_rowid by @itowlson in #3095
• Generate schema for v2 manifest by @itowlson in #2997
• When looking for upgradeable installed plugins, check only on name by @itowlson in #3125
• Chore(governance): Propose adding js-wasi-ext by @karthik2804 in #3122
• Add support for limiting instance memory usage in spin up by @fibonacci1729 in #3135
• Refactor how InitContext works with factors by @alexcrichton in #3134
• Update to Wasmtime 33.0.0 by @alexcrichton in #3141
• Warn or error on dubious-looking file mount by @itowlson in #3143
• outbound-networking: Add error.type to tracing::error! by @lann in #3146
• Fix subsets inheriting service chaining requirement from whole app by @itowlson in #3136
• Add runtime config for blocking outbound connections by CIDR by @lann in #3150
• Provide more guidance on invalid allowed_outbound_hosts by @itowlson in #3152
• Warn when max memory is exceeded by @fibonacci1729 in #3147
• Bump version for v3.3 by @fibonacci1729 in #3156

Full Changelog: v3.2.0...v3.3.0

v3.2.0

This is the first release of Spin since it's donation to CNCF 🎉 This release brings various fixes and UX/DX improvements (See the changelog for a glimpse into what's changed). One notable fix is the added ability for Spin to push to a registry components that are composed with their dependencies to fix an issue with running in various Spin runtimes like runwasi.

Thank you to all of the contributors!

Verifying the Release Signature

After downloading the v3.2.0 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/spinframework/spin/.github/workflows/release.yml@refs/tags/v3.2.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha c9be6d8feafc15cf1e1ef17bd9f6cb72988fa350 \
    --certificate-github-workflow-repository spinframework/spin \
    spin

If the verification passed, you should see:

Verified OK

What's Changed

• fix(.github): pin tailscale to 1.78.1 for deploy by @vdice in #2967
• bump ver on main to v3.2.0-pre0 by @michelleN in #2968
• Fix deny-all adapter for socket imports by @fibonacci1729 in #2971
• fix #2974 -- use redis::aio::ConnectionManager by @fibonacci1729 in #2976
• Azure Cosmos multiple stores per container by @rylev in #2953
• Update TinyGo templates to address static init problems by @itowlson in #2977
• fix(oci): update oci-distribution crate to get jwt fix by @vdice in #2983
• fix(templates/http-go): Remove scheduler flag from http-go build command by @adamreese in #2981
• In spin new/add, display only templates compatible with current command by @itowlson in #2984
• Warn if application uses a reserved route by @itowlson in #2986
• Fix spin watch Ctrl+C not working before first successful build by @itowlson in #2991
• Clearer progress info for multi-command builds by @itowlson in #2994
• remove CachingStoreManager from factor-key-value by @dicej in #2995
• alias spin plugin uninstall -> rm by @michelleN in #2999
• New clippies and rust-analyzer chores for Rust 1.84 by @itowlson in #3001
• Include guidance in error for non-matching HTTP component export by @itowlson in #3002
• Update wit-bindgen used in tests by @alexcrichton in #3006
• Update Wasmtime to 29.0.1 by @alexcrichton in #3005
• docs(sips/006-spin-plugins): Fix typo in package.os field definition: osx -> macos by @PetarKirov in #3011
• Add spin fileserver to project governance by @michelleN in #3012
• Allow self.alt host for self-requests by @itowlson in #3003
• rm Fermyon heading in README by @michelleN in #3013
• flake: update for newer rust by @endocrimes in #3015
• Check allowed hosts before checking the request_interceptor by @alexcrichton in #3016
• feat(push): allow pushing composed components to registry by @fibonacci1729 in #2996
• Use connection pooling when querying CosmosDB by @kate-goldenring in #3017
• fix: support empty files directories by @kate-goldenring in #3020
• Update workflows to remove most fermyon refs by @fibonacci1729 in #3024
• factors-executor: Add ComponentLoader::load_instance_pre by @lann in #3036
• componentize: Tweak clang version parsing by @lann in #3031
• fix: remove unneeded spin-core dep from key-value-azure factor by @kate-goldenring in #3022
• Don't upload release artifacts to s3 by @fibonacci1729 in #3027
• Change Homebrew data dir from fermyon-spin to spinframework-spin by @kate-goldenring in #3039
• chore: update homebrew workflow step to use new tap by @fibonacci1729 in #3029
• rm Fermyon from template output and examples by @michelleN in #3034
• update Copyright to The Spin Framework Contributors by @michelleN in #3037
• Fixes and enhancements to Cosmos KV host implementation by @kate-goldenring in #3032
• Revert expected test output for legacy apps by @itowlson in #3046
• app: Wrap inner LockedApp in Arc by @lann in #3047
• Fix concurrent HTTP component downloads race condition by @itowlson in #3050
• Allow "choose from list" parameters in templates by @itowlson in #3052
• If a component errors after starting the response, show that error by @itowlson in #3041
• Validate keys before persisting items in Azure CosmosDB key-value store by @ThorstenHans in #3054
• Pull in last changes for v3.2 release by @fibonacci1729 in #3056
• Bump version for v3.2 by @fibonacci1729 in #3055

New Contributors

• @PetarKirov made their first contribution in #3011

Full Changelog: v3.1.2...v3.2.0

v3.1.2

Spin 3.1.2

This is a patch release to fix a bug that was found in the redis key-value implementation where connections became stale after a service disruption instead of automatically reconnecting.

Verifying the Release Signature

After downloading the v3.1.2 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/fermyon/spin/.github/workflows/release.yml@refs/tags/v3.1.2 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha 3d37bd8cdd1ddbfc94b9670540fbf9eb09687c2a \
    --certificate-github-workflow-repository fermyon/spin \
    spin

If the verification passed, you should see:

Verified OK

Full Changelog: v3.1.1...v3.1.2

v3.1.1

Spin 3.1.1

This is a patch release to fix a bug that was found in the deny-all adapter used to implement configuration inheritance for component dependencies.

Verifying the Release Signature

After downloading the v3.1.1 release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/fermyon/spin/.github/workflows/release.yml@refs/tags/v3.1.1 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha aa919ce36a5f6c45e6c9b66bcd94657281f44bf3 \
    --certificate-github-workflow-repository fermyon/spin \
    spin

If the verification passed, you should see:

Verified OK

Full Changelog: v3.1.0...v3.1.1

v3.1.0

Just in time for the holidays, Spin v3.1.0 brings the gift of key/value support backed by AWS DynamoDB and a bunch of housekeeping improvements. See the change log below for more details and let us know what you think in the GitHub issues.

As always, thanks to contributors old and new for helping improve Spin on a daily basis! Special thanks to @ogghead for contributing AWS DynamoDB support for key/value. 🎉

Verifying the Release Signature

After downloading the release of Spin, either via the artifact attached to this release corresponding to your OS/architecture combination or via the installation method of your choice, you are ready to verify the release signature.

First, install cosign. This is the tool we'll use to perform signature verification. Then run the following command:

cosign verify-blob \
    --signature spin.sig --certificate crt.pem \
    --certificate-identity https://github.com/fermyon/spin/.github/workflows/release.yml@refs/tags/v3.1.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-sha 1aa89dab04600e18dc4227f22a68e71b246f8553 \
    --certificate-github-workflow-repository fermyon/spin \
    spin

If the verification passed, you should see:

Verified OK

What's Changed

• Ignore MQTT test flake by @itowlson in #2901
• fix(release.yml): skip docker job if ref isn't main or tag by @vdice in #2903
• Fix @ in URL path confusing the parser by @itowlson in #2906
• Bump wasmtime from 25.0.2 to 25.0.3 by @dependabot in #2911
• chore(.github): bump upload-artifact to v4 by @vdice in #2913
• Fix rustdoc lints and formatting by @lann in #2914
• chore(*): post-3.0.0 version bump by @vdice in #2917
• Update rust templates to use SDK 3.1.0. by @mikkelhegn in #2919
• doc: Update README - Redis is supported in typescript by @vanvuongngo in #2920
• Update wasm-pkg-tools for better warg by @itowlson in #2922
• Implement AWS key value store by @ogghead in #2883
• Switch Rust templates to wasm32-wasip1 by @itowlson in #2927
• CI now needs wasm32-wasip1 by @itowlson in #2929
• Fix instrumentation name for delete_many by @ogghead in #2931
• Upgrade OTel to stop Tokio being pinned by @itowlson in #2932
• convert issue template to form by @michelleN in #2878
• Relax wasi 0.2 constraint by @ogghead in #2935
• Update snippet for the Staic Fileserver template so 'spin add' also use with 0.3.0 by @mikkelhegn in #2937
• Fix plugins versions being alpha compared by @itowlson in #2947
• fix: enable configuring log_dir from runtime config by @kate-goldenring in #2945
• Add counter telemetry by @me-diru in #2741
• ref(*): replace wasm32-wasi with wasm32-wasip1 by @vdice in #2948
• Fix C and Zig templates by @itowlson in #2950
• Bump rustls from 0.23.16 to 0.23.18 by @dependabot in #2934
• spin plugins list --json by @itowlson in #2958
• Work around breaking change in cross by @itowlson in #2964
• Install templates from remote tarball by @itowlson in #2957
• Statically link runtime into Windows binary by @itowlson in #2960
• Fix: disable unwinding for musl builds by @kate-goldenring in #2963
• add go sdk to governance project list by @michelleN in #2949
• bump versions to v3.1 by @michelleN in #2966

New Contributors

• @vanvuongngo made their first contribution in #2920

Full Changelog: v3.0.0...v3.1.0