Dancer 2.1.0 Released

By Jason A. Crome on

We're thrilled to announce the release of Dancer2 2.1.0! This release represents a major investment in the health and quality of the project. We've gone deep into the issue tracker and PR backlog, closing out some of our oldest open issues — some dating back years — and significantly grooming both the issue and pull request queues. A big thank you to everyone who contributed.

Bug Fixes

This release addresses a number of long-standing issues:

  • UTF-8 handling improvements: to_json no longer double-encodes UTF-8 (#686), the charset config option is now properly respected (#1124), and UTF-8 in URLs is handled correctly (#1143). To the best of our knowledge, this release fixes all known UTF-8 issues. The default charset for Dancer2 apps is now UTF-8 rather than undefined. You can set an empty charset for your app if needed.
  • Case-insensitive system confusion has been resolved (#863).
  • Plugin DSL keywords are now app-specific (#1449, #1630), preventing cross-application bleed in multi-app setups.
  • Test suite fixes: Resolved content_type errors in t/dsl/send_file.t (#1772), JSON warnings in t/dsl/send_as.t (#1773), and void warnings in t/hooks.t (#1774).
  • Windows compatibility: File uploads are now properly unlinked on Windows (#1777).

Enhancements

  • Strict config mode (#763): Dancer2 can now warn on unknown config keys, with an opt-out available. New apps scaffolded with dancer2 gen will have strict config enabled by default.
  • Path::Tiny migration (#1264): Internal path handling has moved to Path::Tiny for cleaner, more reliable file operations.
  • Unicode::UTF8 support (#1594): When Unicode::UTF8 is available, Dancer2 will use it for faster encoding/decoding.
  • Batch session cookie access (#1073): Retrieve multiple session cookie values at once with the clear method.
  • Fully qualified engine namespaces (#1323): All engines now accept fully qualified package names.
  • Double server header fix (#1664): Dancer2 no longer sends duplicate Server headers.
  • Improved send_as (#1709): send_as now uses the full serializer pipeline, including hooks.
  • Dispatching improvements (PR #1757): Removed the deprecated api_version and improved the dispatching loop.
  • MIME ownership (PR #1758): MIME type handling has been moved to the app level.
  • Package name in logger output (PR #1780): Logger output can now include the calling package name, making multi-module debugging easier.

Documentation

  • Better documentation for the views setting behavior (#1431).
  • Fixed broken links in the manual and tutorial (PR #1749, #1750).
  • Improved config documentation structure (PR #1753).
  • Removed the stale logger keyword from the DSL docs (PR #1762).

Security

  • The "Powered by..." text has been removed from the default error page (PR #1776). Security researchers flagged this as an information disclosure concern — advertising the framework and version in error responses gives potential attackers a head start. The default error page is now clean of framework identifiers.

Thank You

Thanks to all who contributed to this release: Sawyer X, Russell Jenkins, Mikko Koivunalho, Gil Magno, and Sorin Pop.

You can install or upgrade via CPAN:

cpanm Dancer2

Happy Dancing!

Jason/CromeDome

Tagged as:

Leave a comment

About Jason A. Crome

user-pic Perl/Dancer hacker, pilot, hockey wannabe.

More info »