feat!: GA readiness improvements

CHANGELOG.md

@@ -1,3 +1,143 @@
+## v1.0.0 - 2026-03-20
+
+### Major Updates
+
+This is the first GA release of AWS Lambda Web Adapter. It includes multi-tenancy support, Lambda Managed Instances, improved error handling, zero-copy body conversion, comprehensive documentation, and a migration path from 0.x.
+
+### Breaking Changes
+
+- Removed `AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS` and the `readiness_check_min_unhealthy_status` field. Use `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` / `readiness_check_healthy_status` instead.
+- Non-prefixed environment variables (`HOST`, `READINESS_CHECK_PORT`, etc.) are deprecated and will be removed in 2.0. Use `AWS_LWA_` prefixed versions.
+
+### Features
+
+- **Multi-tenancy support**: Propagate `tenant_id` from Lambda context as `x-amz-tenant-id` header (#631)
+- **Lambda Managed Instances**: Support concurrent request handling in a single execution environment (#625)
+- **Error status codes**: New `AWS_LWA_ERROR_STATUS_CODES` env var to treat specific HTTP status codes as Lambda failures (#558)
+- **Runtime API proxy**: New `AWS_LWA_LAMBDA_RUNTIME_API_PROXY` env var to proxy Lambda runtime API calls (#588)
+- **Healthy status ranges**: New `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` supporting comma-separated codes and ranges (e.g., `200-399,404`) (#638)
+
+### Performance
+
+- Zero-copy body conversion — avoid unnecessary allocations when forwarding request bodies (#627)
+- Add `panic=abort` and `opt-level=s` to release profile for smaller binary size (#646)
+
+### Bug Fixes
+
+- Don't append trailing `?` when query string is empty (#657)
+- Fix `path_through_path` renamed to `pass_through_path` (#619)
+- Override user-set `x-amzn-{lambda,request}-context` headers to prevent spoofing (#286)
+- Remove `transfer-encoding` header from responses for SAM local compatibility (#442)
+- Warn when configured `authorization_source` header is not found in request (#479)
+
+### Documentation
+
+- Comprehensive rustdoc documentation for all public types and methods
+- Added migration guide for 0.x to 1.0 upgrade
+- Added SECURITY.md
+- Added user guide with GitHub Pages deployment (#639)
+
+### CI/CD
+
+- Split pipeline into separate PR, Merge, and Release workflows (#642)
+- Add conventional commits changelog generation and commit linting (#641)
+- Add workflow to verify examples without deployment (#643)
+- Daily security audit via `rustsec/audit-check` (#391)
+- Benchmark tracking with PR comments
+
+---
+
+## v0.9.1 - 2025-04-23
+
+### Features
+
+- Add `AWS_LWA_LAMBDA_RUNTIME_API_PROXY` to overwrite Lambda Runtime API endpoint (#588)
+
+### Examples
+
+- Bun server with GraphQL examples (#584)
+
+---
+
+## v0.9.0 - 2025-01-10
+
+### Features
+
+- Force Lambda failure on configurable HTTP error status codes (#558)
+- Streaming API backend-only example (#543)
+
+### Examples
+
+- SvelteKit SSR zip example (#561)
+- Remix examples (#524)
+- FastHTML examples (#496)
+
+### Improvements
+
+- Simplify debug logging for app readiness checks (#520)
+- Read AWS region from env var (#518)
+
+---
+
+## v0.8.4 - 2024-07-27
+
+### Features
+
+- Add `authorization_source` feature to copy custom header to `Authorization` (#478)
+- Warn when configured authorization source header not found (#479)
+
+---
+
+## v0.8.3 - 2024-04-21
+
+### Bug Fixes
+
+- Remove `transfer-encoding` header from responses (#442)
+
+### Examples
+
+- Javalin 6 example using Arm64 image (#425)
+- NestJS example (#394)
+- FastAPI Background Tasks example (#408)
+- FastAPI response streaming with Claude3 refactor (#416)
+
+---
+
+## v0.8.2 - 2024-04-10
+
+### Improvements
+
+- Add daily security audit (#391)
+- Upgrade lambda-http crate to 0.9.3 (#390)
+
+### Examples
+
+- Go HTTP example (#383)
+- Sinatra example (#365)
+
+---
+
+## v0.8.1 - 2024-01-24
+
+### Bug Fixes
+
+- Minor fixes and dependency updates
+
+---
+
+## v0.8.0 - 2024-01-22
+
+### Features
+
+- Pass-through events support for non-HTTP triggers (#342)
+- Adopt `cargo-lambda` for builds (#337)
+
+### Examples
+
+- SQS + Express.js example (#347, #348)
+
+---
+
 ## v0.7.1 - 2023-08-18
 # Major Updates
 

README.md

@@ -71,7 +71,7 @@ The readiness check port/path and traffic port can be configured using environme
 > `HOST`, `READINESS_CHECK_PORT`, `READINESS_CHECK_PATH`, `READINESS_CHECK_PROTOCOL`, `REMOVE_BASE_PATH`, `ASYNC_INIT`.
 > Please migrate to the `AWS_LWA_` prefixed versions. Note: `PORT` is not deprecated and remains a supported fallback for `AWS_LWA_PORT`.
 >
-> Additionally, `AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS` is deprecated. Use `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` instead.
+> Additionally, `AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS` has been removed in 1.0. Use `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` instead.
 
 👉 [Detailed configuration docs](https://awslabs.github.io/aws-lambda-web-adapter/configuration/environment-variables.html)
 
@@ -128,6 +128,34 @@ This project was inspired by several community projects.
 - [re:Web](https://github.com/apparentorder/reweb)
 - [Serverlessish](https://github.com/glassechidna/serverlessish)
 
+## Migrating from 0.x to 1.0
+
+### Environment Variables
+
+All environment variables now use the `AWS_LWA_` prefix. The old non-prefixed names still work but are deprecated and will be removed in version 2.0.
+
+| Old (Deprecated)             | New                                        |
+|------------------------------|--------------------------------------------|
+| `READINESS_CHECK_PORT`       | `AWS_LWA_READINESS_CHECK_PORT`             |
+| `READINESS_CHECK_PATH`       | `AWS_LWA_READINESS_CHECK_PATH`             |
+| `READINESS_CHECK_PROTOCOL`   | `AWS_LWA_READINESS_CHECK_PROTOCOL`         |
+| `REMOVE_BASE_PATH`           | `AWS_LWA_REMOVE_BASE_PATH`                 |
+| `ASYNC_INIT`                 | `AWS_LWA_ASYNC_INIT`                       |
+
+> **Note:** `PORT` is **not** deprecated and remains a supported fallback for `AWS_LWA_PORT`.
+
+### Readiness Check Health Status
+
+`AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS` has been removed. Use `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` instead, which accepts comma-separated codes and ranges:
+
+```bash
+# Old
+AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS=400
+
+# New (equivalent)
+AWS_LWA_READINESS_CHECK_HEALTHY_STATUS=100-399
+```
+
 ## Similar Projects
 
 Several projects also provide similar capabilities as language specific packages/frameworks.
@@ -140,7 +168,7 @@ Several projects also provide similar capabilities as language specific packages
 
 ## Security
 
-See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
+See [SECURITY](SECURITY.md) for vulnerability reporting and [CONTRIBUTING](CONTRIBUTING.md) for more information.
 
 ## License
 

SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our
+[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/).
+
+Please do **not** create a public GitHub issue for security vulnerabilities.
+
+## Supported Versions
+
+We recommend always using the latest version of AWS Lambda Web Adapter to ensure you have the most recent security patches.
+
+| Version | Supported          |
+|---------|--------------------|
+| 1.x     | :white_check_mark: |
+| < 1.0   | :x:                |

docs/development.md

@@ -8,8 +8,8 @@ AWS Lambda executes functions in x86_64 Amazon Linux Environment. We need to com
 First, clone this repo to your local computer.
 
 ```shell
-$ git clone https://github.com/aws-samples/aws-lambda-adapter.git
-$ cd aws-lambda-adapter
+$ git clone https://github.com/awslabs/aws-lambda-web-adapter.git
+$ cd aws-lambda-web-adapter
 ```
 
 ### Compiling with Docker

src/lib.rs

@@ -71,7 +71,6 @@ const ENV_READINESS_CHECK_PORT: &str = "AWS_LWA_READINESS_CHECK_PORT";
 const ENV_READINESS_CHECK_PATH: &str = "AWS_LWA_READINESS_CHECK_PATH";
 const ENV_READINESS_CHECK_PROTOCOL: &str = "AWS_LWA_READINESS_CHECK_PROTOCOL";
 const ENV_READINESS_CHECK_HEALTHY_STATUS: &str = "AWS_LWA_READINESS_CHECK_HEALTHY_STATUS";
-const ENV_READINESS_CHECK_MIN_UNHEALTHY_STATUS: &str = "AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS";
 const ENV_REMOVE_BASE_PATH: &str = "AWS_LWA_REMOVE_BASE_PATH";
 const ENV_PASS_THROUGH_PATH: &str = "AWS_LWA_PASS_THROUGH_PATH";
 const ENV_ASYNC_INIT: &str = "AWS_LWA_ASYNC_INIT";
@@ -281,12 +280,6 @@ pub struct AdapterOptions {
     /// Default: [`Protocol::Http`]
     pub readiness_check_protocol: Protocol,
 
-    /// Deprecated: Use `readiness_check_healthy_status` instead.
-    ///
-    /// Minimum HTTP status code considered unhealthy.
-    #[deprecated(since = "1.0.0", note = "Use readiness_check_healthy_status instead")]
-    pub readiness_check_min_unhealthy_status: u16,
-
     /// List of HTTP status codes considered healthy for readiness checks.
     ///
     /// Can be configured via `AWS_LWA_READINESS_CHECK_HEALTHY_STATUS` using:
@@ -382,36 +375,19 @@ fn get_optional_env_with_deprecation(new_name: &str, old_name: &str) -> Option<S
 }
 
 impl Default for AdapterOptions {
-    #[allow(deprecated)]
     fn default() -> Self {
         let port = env::var(ENV_PORT)
             .or_else(|_| env::var(ENV_PORT_DEPRECATED))
             .unwrap_or_else(|_| "8080".to_string());
 
         // Handle readiness check healthy status codes
-        // New env var takes precedence, then fall back to deprecated min_unhealthy_status
         let readiness_check_healthy_status = if let Ok(val) = env::var(ENV_READINESS_CHECK_HEALTHY_STATUS) {
             parse_status_codes(&val)
-        } else if let Ok(val) = env::var(ENV_READINESS_CHECK_MIN_UNHEALTHY_STATUS) {
-            tracing::warn!(
-                "Environment variable '{}' is deprecated. \
-                Please use '{}' instead (e.g., '100-499').",
-                ENV_READINESS_CHECK_MIN_UNHEALTHY_STATUS,
-                ENV_READINESS_CHECK_HEALTHY_STATUS
-            );
-            let min_unhealthy: u16 = val.parse().unwrap_or(500);
-            (100..min_unhealthy).collect()
         } else {
-            // Default: 100-499 (same as previous default of min_unhealthy=500)
+            // Default: 100-499
             (100..500).collect()
         };
 
-        // For backward compatibility, also set the deprecated field
-        let readiness_check_min_unhealthy_status = env::var(ENV_READINESS_CHECK_MIN_UNHEALTHY_STATUS)
-            .unwrap_or_else(|_| "500".to_string())
-            .parse()
-            .unwrap_or(500);
-
         AdapterOptions {
             host: get_env_with_deprecation(ENV_HOST, ENV_HOST_DEPRECATED, "127.0.0.1"),
             port: port.clone(),
@@ -420,7 +396,6 @@ impl Default for AdapterOptions {
                 ENV_READINESS_CHECK_PORT_DEPRECATED,
                 &port,
             ),
-            readiness_check_min_unhealthy_status,
             readiness_check_healthy_status,
             readiness_check_path: get_env_with_deprecation(
                 ENV_READINESS_CHECK_PATH,
@@ -1106,13 +1081,11 @@ mod tests {
         });
 
         // Prepare adapter configuration - only 200-399 are healthy
-        #[allow(deprecated)]
         let options = AdapterOptions {
             host: app_server.host(),
             port: app_server.port().to_string(),
             readiness_check_port: app_server.port().to_string(),
             readiness_check_path: "/healthcheck".to_string(),
-            readiness_check_min_unhealthy_status: 400,
             readiness_check_healthy_status: (200..400).collect(),
             ..Default::default()
         };
@@ -1137,7 +1110,6 @@ mod tests {
         let listener = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
         let port = listener.local_addr().unwrap().port();
 
-        #[allow(deprecated)]
         let options = AdapterOptions {
             host: "127.0.0.1".to_string(),
             port: port.to_string(),
@@ -1158,7 +1130,6 @@ mod tests {
     #[tokio::test]
     async fn test_tcp_readiness_check_failure() {
         // Use a port that nothing is listening on
-        #[allow(deprecated)]
         let options = AdapterOptions {
             host: "127.0.0.1".to_string(),
             port: "19999".to_string(),
@@ -1203,7 +1174,6 @@ mod tests {
 
     #[test]
     fn test_adapter_new_invalid_host() {
-        #[allow(deprecated)]
         let options = AdapterOptions {
             host: "invalid host with spaces".to_string(),
             port: "8080".to_string(),
@@ -1218,7 +1188,6 @@ mod tests {
 
     #[test]
     fn test_adapter_new_valid_config() {
-        #[allow(deprecated)]
         let options = AdapterOptions {
             host: "127.0.0.1".to_string(),
             port: "3000".to_string(),
@@ -1273,7 +1242,6 @@ mod tests {
 
     #[test]
     fn test_compression_disabled_with_response_stream() {
-        #[allow(deprecated)]
         let options = AdapterOptions {
             compression: true,
             invoke_mode: LambdaInvokeMode::ResponseStream,
@@ -1289,7 +1257,6 @@ mod tests {
 
     #[test]
     fn test_compression_enabled_with_buffered() {
-        #[allow(deprecated)]
         let options = AdapterOptions {
             compression: true,
             invoke_mode: LambdaInvokeMode::Buffered,

tests/integ_tests/main.rs

@@ -69,7 +69,6 @@ fn test_adapter_options_from_namespaced_env() {
     env::set_var("AWS_LWA_ENABLE_COMPRESSION", "true");
     env::set_var("AWS_LWA_INVOKE_MODE", "response_stream");
     env::set_var("AWS_LWA_AUTHORIZATION_SOURCE", "auth-token");
-    env::remove_var("AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS");
 
     // Initialize adapter with env options
     let options = AdapterOptions::default();
@@ -964,7 +963,6 @@ fn test_deprecated_env_var_fallback() {
     env::remove_var("AWS_LWA_INVOKE_MODE");
     env::remove_var("AWS_LWA_AUTHORIZATION_SOURCE");
     env::remove_var("AWS_LWA_READINESS_CHECK_HEALTHY_STATUS");
-    env::remove_var("AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS");
 
     // Set only deprecated (non-prefixed) env vars
     env::set_var("PORT", "4000");