v3.42.1

3.42.1 (2026-05-18)

Bug Fixes

• Null body for non-downstream requests with no stream created for them (#1479) (511c667)

v3.42.0

3.42.0 (2026-05-11)

This is another release tackling a number of bugs exposed by either GC settings or automated security scanners. We've also hardened reusable sandboxes so they don't continue if we're not confident in their current state.

Features

• Bail out of reusable sandbox if request fails (#1453) (b6f41b0)

Bug Fixes

• Allocation failure checks (#1457) (c882105)
• Avoid dereferencing one-past-the-end iterator in host_api (#1461) (acf2b25)
• Be more defensive in ip_octets_to_js_string (#1468) (60bbec1)
• Cache body range check (#1463) (f38ce55)
• Cache override getters for beforeSend and afterSend (#1466) (5261936)
• Correct GC guard type in KVStore::put to prevent wasm unreachable crashes and fix some CI issues (#1475) (15f850d)
• Ensure nul-termination of string for inet_pton (#1462) (0e3afbe)
• Find invalid characters after nul bytes in KV store keys (#1464) (5f0f0f2)
• Incorrect catch handler failure check (#1458) (fb3c01a)
• Memory leak in get_found_response (#1456) (17559d3)
• Memory leak on failed inspect hostcall (#1455) (9b77977)
• Protect against GC from validate_bytes (#1447) (be0867b)
• Shrinking realloc in KVStorePendingLookup (#1467) (5a72d13)
• Throw error on negative ttl and swr (#1465) (7d29650)

v3.41.2

3.41.2 (2026-05-04)

This release includes several memory management-related fixes found through automated tooling analysis and by configuring our test suite to run locally under high GC zeal. Most of these issues have not been reported as affecting anything in the wild and are largely preventative as part of an ongoing effort to improve the SDK's quality and reliability. In the near future, we will also enable high GC zeal testing as part of our standard testing process, since it's able to expose memory issues that are otherwise very hard to reproduce.

Bug Fixes

• HttpBody::read_all for large bodies (#1444) (99f45b5)
• Check pending exceptions between requests in reusable sandbox mode (#1425) (64a6b21)
• Memory issues exposed by high GC zeal (#1442) (f406308)
• Memory leak in normalize_http_method (#1449) (669b58a)
• mislabeled Response::Slots::URL slot (#1445) (6d4d268)
• Numeric overflow issue in Core Cache API (#1448) (360c9bf)
• Potential buffer size issues in shielding (#1443) (4bf9d72)
• Reset StarlingMonkey engine between requests (#1426) (238cf70)
• SSL string cipher intersection (#1446) (13ef2d5)
• Use length rather than NUL-terminator when copying HostStrings (#1429) (8aa3f4c)

v3.41.1

3.41.1 (2026-04-10)

Bug Fixes

• Deal with bodyless statuses in CandidateResponse situations (#1414) (cfd6c4b)
• Mark FetchEvent as done when we redirect to ws/grip proxies (9831bd4)
• Support setCacheKey for HTTP cache (#1411) (a707c3d)

v3.41.0

3.41.0 (2026-04-08)

Features

• Add --gc-frequency option to debug-build.sh (#1395) (a6e4a1f)
• Allow the use of project-level external config file for js-compute-runtime CLI behavior (#1405) (9749cab)
• Support installation in projects that use TypeScript 6 (e4273a3)

Bug Fixes

• Allow --aot-cache and --debug-intermediate-files flags to be specified with equals (#1403) (81a75f8)
• Double free in convertBodyInit (#1387) (72acfc3)
• GC fixes for edge rate limiter (#1397) (fd9e322)
• GC issue in handoffs (#1396) (b57fc8f)
• Shielding GC (#1401) (6de2f55)

v3.40.1

3.40.1 (2026-02-24)

Bug Fixes

• early-hints: early hints don't need to be sync inside a FetchEve… (#1323) (22ac0cc)

v3.40.0

3.40.0 (2026-02-17)

Features

• Allow custom weval binary (#1315) (b143150)
• Reusable sandboxes (#1314) (70a9d28)

Bug Fixes

• Add security to docs rename script (#1316) (7028c0b)

v3.39.4

3.39.4 (2026-02-13)

Bug Fixes

• Body truncation error in chained extract_body requests (#1310) (b929648)

v3.39.3

3.39.3 (2026-02-12)

Bug Fixes

• Don't throw from event.client.geo or event.client.address on hostcall error (#1306) (471b112)

v3.39.2

3.39.2 (2026-02-09)

Bug Fixes

• NPM publication (f80c089)