Hono
Ultrafast web framework for the edge
Hono runs a tight security-and-fix cadence, hardening its middleware release by release.
◆Recent moves
- 3d ago
v4.12.28: serve-static and Content-Type matching fixes
v4.12.28 is a fixes-and-chores release: serve-static empty-string handling, case-insensitive Content-Type matching, docs and packaging tweaks — routine polish in the ongoing maintenance cadence.
View source ↗ - 16d ago
v4.12.27: fix cross-request context leak in hono/jsx SSR
v4.12.27 fixes a real SSR correctness bug where hono/jsx stored context process-wide instead of per request, so useContext after an await could return another request's value — a meaningful security-and-correctness fix consistent with the recent hardening push.
View source ↗ - 21d ago
v4.12.26: CI/build housekeeping and Lambda-edge type fix
v4.12.26 is infrastructure and cleanup: Lambda-edge Deno type fix, OIDC trusted publishing from CI, and swapping build-script deps for Bun-native APIs — no user-facing change.
View source ↗ - 1mo ago
v4.12.25: fix CORS wildcard origin reflecting credentials
v4.12.25 closes a CORS vulnerability where the wildcard-origin default reflected the request Origin and sent Access-Control-Allow-Credentials: true — a genuine security fix in a widely used middleware.
View source ↗ - 1mo ago
v4.12.24: docs, tests, and small middleware fixes
v4.12.24 bundles docs, dependency cleanup, a bearer-auth error-message tweak, language-middleware tests, and an IPv6 parsing fix — small maintenance items.
View source ↗ - 1mo ago
v4.12.23: public Context export and compress filter option
v4.12.23 adds two real API touches — a public Context class export and a compress contentTypeFilter option — on top of a serve-static path-normalization fix, modestly widening the framework's surface.
View source ↗