2.66.4
(fix): Dynamic snippets now render path-parameter arguments in IR (URL / SDK signature) order
rather than in the order they happen to appear in the input request, so generated
examples line up with the actual SDK method signature even when the spec lists path
parameters in a different order.
2.66.3
(fix): Bump WireMock.Net from 2.2.0 to 2.6.0 in generated test projects to resolve Snyk
vulnerability reports flagging the older version.
2.66.2
(chore): Patch C# SDK generator container CVEs flagged in the AWS ECR / grype scan.
Switch the apk upgrade to pick up the latest Alpine 3.23 patches (nghttp2,
openssl, libcrypto, libssl, sqlite-libs, expat, etc.), pin a non-vulnerable
set of System.* NuGet dependencies, drop the bundled PowerShell warmup
so its vendored System.Net.Http 4.3.0 / System.Security.Cryptography.Xml
DLLs are no longer included in the published image, and clear the
System.Net.Http 4.3.0 artifact the /dependencies.csproj warmup leaves
in the NuGet cache after restore.
2.66.1
(chore): Bump the C# SDK and C# model generator containers’ Node base image from
node:22.22-alpine3.23 to node:24.15-alpine3.23. Aligns the generators
with the rest of the Fern generator containers on a single Node major
version (Node 24) and picks up Node 24’s CVE patches. The bundled npm
11.12.1 in node:24.15 already ships patched brace-expansion@5.0.4, so
the C# SDK’s brace-expansion 2.0.3 replacement step is removed. The
ip-address and picomatch patches are retained because the bundled
versions in node:24.15 (10.1.0 and 4.0.3 respectively) are still
vulnerable.
2.66.0
(feat): Add a default-timeout-in-seconds config option to the C# SDK generator.
When set, the generated ClientOptions.Timeout defaults to the configured
value (or Timeout.InfiniteTimeSpan when set to "infinity") instead of
the previously hardcoded 30 seconds. SDK users can still override the
timeout per-request via RequestOptions.Timeout.
(feat): Add an opt-in user-agent-name-from-package custom config option. When set
to true, the generated client falls back to a
<NuGetPackageId>/<version> User-Agent header when no
platformHeaders.userAgent is set in the IR (e.g. for SDKs imported from
OpenAPI), matching the TypeScript generator’s npm-package-name fallback.
Defaults to false, preserving the existing behavior of emitting no
User-Agent header in that case.
2.65.2
(chore): Bump generator container Node.js base image to node:22.22-alpine3.23 and
apply latest Alpine package security updates at build time.
2.65.1
(chore): Patch the C# SDK generator container to remediate the 40 vulnerabilities
reported by the 2026-05-06 grype scan. Bump the Node.js base image to
22.22.2-alpine3.22 (fixes Node binary CVEs and upgrades npm-bundled
cross-spawn, minimatch, glob, tar, and diff), remove the unused PowerShell
install bundled with dotnet/sdk:10.0-alpine to drop the vulnerable
System.Security.Cryptography.Xml 10.0.5 DLL flagged by GHSA-37gx-xxp4-5rgx
and GHSA-w3x6-4m5h-cxqf, run apk upgrade to pick up the nghttp2-libs
CVE-2026-27135 fix, and patch npm’s bundled ip-address (10.1.1),
picomatch (4.0.4), and brace-expansion (2.0.3).
2.65.0
(feat): Generate CONTRIBUTING.md for C# SDKs, matching the pattern used by the TypeScript generator.
The file is skipped for whitelabel SDKs.
2.64.2
(fix): Dedup auth-derived headers in the generated client constructor when
multiple auth schemes resolve to the same HTTP header name (for
example, an oauth2 bearer scheme plus an apiKey-in-header scheme
both named Authorization). Previously the constructor’s
Dictionary<string, string> collection initializer added the same
key twice and threw System.ArgumentException: An item with the same key has already been added at runtime. Earlier auth schemes
win, preserving the ordering established by the IR.
(fix): Fix literal boolean auth-header values being emitted as "True" regardless
of the configured value. The generated client constructor’s auth-header
dictionary tested the truthiness of the Literal discriminated-union
object instead of reading its boolean field, so a literal false header
incorrectly produced "True".
2.64.1
(fix): Fix namespace collision when referencing nested discriminated union variant
types in generated test code. When the enclosing type name matches a segment
of the test file’s namespace, the C# compiler resolves it as the namespace
instead of the SDK type (CS0234). Now emits fully qualified type references
in this case.
(fix): Fix OneOfSerializer to prefer strongly-typed deserialization over catch-all
matches. When a discriminated union type inside a OneOf uses a catch-all for
unknown discriminators, the serializer now tries all types and selects the
best match instead of returning the first success.
(fix): Fix serialization round-trip tests to account for WhenWritingNull normalization.
The Roundtrips test now verifies idempotency of the serialized form rather than
comparing against the raw input JSON, which may include null optional properties
that are intentionally omitted by the serializer.
2.64.0
(feat): Add retryStatusCodes config with "legacy" and "recommended" modes. Legacy (default)
preserves current behavior (408, 429, >= 500). Recommended retries only transient
codes (408, 429, 502, 503, 504), avoiding idempotency issues with 500. A 3.0.0
migration auto-pins legacy for upgrading users.
2.63.3
(fix): Fix dynamic snippets emitting wrong property name when PascalCase(property)
collides with class name (e.g. CatalogV1Id.catalog_v1_id). The snippet
generator now uses the same rename logic as the SDK (appending ”_”) so that
generated examples compile without CS0542 / CS0117 errors.
2.63.2
(fix): Fix multi-value query parameter snippets when the example value is already
a list, which previously produced uncompilable list-of-list initializers
like [new List<T>() { value }] in mock server tests, reference docs, and
snippets.
2.63.1
(fix): Fix WireMock test generation to use percent-encoded query parameter keys,
matching what spec-compliant HTTP clients send. Also split comma-delimited
query parameter examples into multiple values in a single WithParam() call,
since WireMock.Net parses comma-separated values into arrays.
2.63.0
(feat): Support x-fern-default as fallback value for parameters in generated C# SDKs.
When a header, query parameter, or path parameter has a clientDefault value in the IR,
the generated C# SDK makes that parameter optional with the default value automatically applied.
