Alexandre Vicenzi
64dd419dce
Add CVEs OBS-URL: https://build.opensuse.org/request/show/1177929 OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=49
1060 lines
57 KiB
Plaintext
1060 lines
57 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu May 30 16:17:13 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Update to version 2.8.1:
|
|
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)
|
|
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 28 00:06:54 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Update to version 2.8.0:
|
|
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
|
|
* caddyfile: Reject global request matchers earlier (#6339)
|
|
* core: Fix bug in AppIfConfigured (fix #6336)
|
|
* fix a typo (#6333)
|
|
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
|
|
* reverseproxy: Support HTTP/3 transport to backend (#6312)
|
|
* context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
|
|
* Fix lint error about deprecated method in smallstep/certificates/authority
|
|
* go.mod: Upgrade dependencies
|
|
* caddytls: fix permission requirement with AutomationPolicy (#6328)
|
|
* caddytls: remove ClientHelloSNICtxKey (#6326)
|
|
* caddyhttp: Trace individual middleware handlers (#6313)
|
|
* templates: Add `pathEscape` template function and use it in file browser (#6278)
|
|
* caddytls: set server name in context (#6324)
|
|
* chore: downgrade minimum Go version in go.mod (#6318)
|
|
* caddytest: normalize the JSON config (#6316)
|
|
* caddyhttp: New experimental handler for intercepting responses (#6232)
|
|
* httpcaddyfile: Set challenge ports when http_port or https_port are used
|
|
* logging: Add support for additional logger filters other than hostname (#6082)
|
|
* caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
|
|
* Second half of 6dce493
|
|
* caddyhttp: Alter log message when request is unhandled (close #5182)
|
|
* chore: Bump Go version in CI (#6310)
|
|
* go.mod: go 1.22.3
|
|
* Fix typos (#6311)
|
|
* reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
|
|
* tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
|
|
* go.mod: CertMagic v0.21.0
|
|
* reverseproxy: Implement health_follow_redirects (#6302)
|
|
* caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
|
|
* go.mod: Upgrade to quic-go v0.43.1
|
|
* reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
|
|
* caddytls: Ability to drop connections (close #6294)
|
|
* build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
|
|
* httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
|
|
* caddytls: Evict internal certs from cache based on issuer (#6266)
|
|
* chore: add warn logs when using deprecated fields (#6276)
|
|
* caddyhttp: Fix linter warning about deprecation
|
|
* go.mod: Upgrade to quic-go v0.43.0
|
|
* fileserver: Set "Vary: Accept-Encoding" header (see #5849)
|
|
* events: Add debug log
|
|
* reverseproxy: handle buffered data during hijack (#6274)
|
|
* ci: remove `android` and `plan9` from cross-build workflow (#6268)
|
|
* run `golangci-lint run --fix --fast` (#6270)
|
|
* caddytls: Option to configure certificate lifetime (#6253)
|
|
* replacer: Implement `file.*` global replacements (#5463)
|
|
* caddyhttp: Address some Go 1.20 features (#6252)
|
|
* Quell linter (false positive)
|
|
* reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
|
|
* doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)
|
|
* caddytls: Add Caddyfile support for on-demand permission module (close #6260)
|
|
* reverseproxy: Remove long-deprecated buffering properties
|
|
* reverseproxy: Reuse buffered request body even if partially drained
|
|
* reverseproxy: Accept EOF when buffering
|
|
* logging: Fix default access logger (#6251)
|
|
* fileserver: Improve Vary handling (#5849)
|
|
* cmd: Only validate config is proper JSON if config slice has data (#6250)
|
|
* staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)
|
|
* encode: Slight fix for the previous commit
|
|
* encode: Improve Etag handling (fix #5849)
|
|
* httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)
|
|
* caddyfile: Populate regexp matcher names by default (#6145)
|
|
* caddyhttp: record num. bytes read when response writer is hijacked (#6173)
|
|
* caddyhttp: Support multiple logger names per host (#6088)
|
|
* chore: fix some typos in comments (#6243)
|
|
* encode: Configurable compression level for zstd (#6140)
|
|
* caddytls: Remove shim code supporting deprecated lego-dns (#6231)
|
|
* connection policy: add `local_ip` matcher (#6074)
|
|
* reverseproxy: Wait for both ends of websocket to close (#6175)
|
|
* caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
|
|
* caddytls: Still provision permission module if ask is specified
|
|
* fileserver: read etags from precomputed files (#6222)
|
|
* fileserver: Escape # and ? in img src (fix #6237)
|
|
* reverseproxy: Implement modular CA provider for TLS transport (#6065)
|
|
* caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
|
|
* cmd: Fix panic related to config filename (fix #5919)
|
|
* cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
|
|
* admin: Make `Etag` a header, not a trailer (#6208)
|
|
* caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)
|
|
* caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)
|
|
* gitignore: Add rule for caddyfile.go (#6225)
|
|
* chore: Fix broken links in README.md (#6223)
|
|
* chore: Upgrade some dependencies (#6221)
|
|
* caddyhttp: Add plaintext response to `file_server browse` (#6093)
|
|
* admin: Use xxhash for etag (#6207)
|
|
* modules: fix some typo in conments (#6206)
|
|
* caddyhttp: Replace sensitive headers with REDACTED (close #5669)
|
|
* caddyhttp: close quic connections when server closes (#6202)
|
|
* reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
|
|
* caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
|
|
* chore: upgrade deps (#6198)
|
|
* chore: remove repetitive word (#6193)
|
|
* Added a null check to avoid segfault on rewrite query ops (#6191)
|
|
* rewrite: `uri query` replace operation (#6165)
|
|
* logging: support `ms` duration format and add docs (#6187)
|
|
* replacer: use RWMutex to protect static provider (#6184)
|
|
* caddyhttp: Allow `header` replacement with empty string (#6163)
|
|
* vars: Make nil values act as empty string instead of `"<nil>"` (#6174)
|
|
* chore: Update quic-go to v0.42.0 (#6176)
|
|
* caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)
|
|
* reverseproxy: configurable active health_passes and health_fails (#6154)
|
|
* reverseproxy: Configurable forward proxy URL (#6114)
|
|
* caddyhttp: upgrade to cel v0.20.0 (#6161)
|
|
* chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
|
|
* caddyhttp: suppress flushing if the response is being buffered (#6150)
|
|
* chore: encode: use FlushError instead of Flush (#6168)
|
|
* encode: write status immediately when status code is informational (#6164)
|
|
* httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
|
|
* httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865)
|
|
* rewrite: Implement `uri query` operations (#6120)
|
|
* fix struct names (#6151)
|
|
* fileserver: Preserve query during canonicalization redirect (#6109)
|
|
* logging: Implement `log_append` handler (#6066)
|
|
* httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
|
|
* logging: Implement `append` encoder, allow flatter filters config (#6069)
|
|
* ci: fix the integration test `TestLeafCertLoaders` (#6149)
|
|
* vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108)
|
|
* caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
|
|
* cmd: Adjust config load logs/errors (#6032)
|
|
* reverseproxy: SRV dynamic upstream failover (#5832)
|
|
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
|
|
* core: OnExit hooks (#6128)
|
|
* cmd: fix the output of the `Usage` section (#6138)
|
|
* caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
|
|
* acmeserver: add policy field to define allow/deny rules (#5796)
|
|
* reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
|
|
* caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
|
|
* tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103)
|
|
* caddyfile: Assert having a space after heredoc marker to simply check (#6117)
|
|
* chore: Update Chroma to get the new Caddyfile lexer (#6118)
|
|
* reverseproxy: use context.WithoutCancel (#6116)
|
|
* caddyfile: Reject directives in the place of site addresses (#6104)
|
|
* caddyhttp: Register post-shutdown callbacks (#5948)
|
|
* caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
|
|
* caddyauth: Drop support for `scrypt` (#6091)
|
|
* Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100)
|
|
* caddyauth: Rename `basicauth` to `basic_auth` (#6092)
|
|
* logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
|
|
* caddyfile: Reject long heredoc markers (#6098)
|
|
* chore: Rename CI jobs, run on M1 mac (#6089)
|
|
* update comment
|
|
* improved list
|
|
* fix: add back text/*
|
|
* fix: add more media types to the compressed by default list
|
|
* acmeserver: support specifying the allowed challenge types (#5794)
|
|
* matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
|
|
* caddyhttp: Test cases for `%2F` and `%252F` (#6084)
|
|
* bump to golang 1.22 (#6083)
|
|
* fileserver: Browse can show symlink target if enabled (#5973)
|
|
* core: Support NO_COLOR env var to disable log coloring (#6078)
|
|
* build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
|
|
* Update comment in setcap helper script
|
|
* caddytls: Make on-demand 'ask' permission modular (#6055)
|
|
* core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
|
|
* chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
|
|
* chore: enabling a few more linters (#5961)
|
|
* caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)
|
|
* caddyfile: Switch to slices.Equal for better performance (#6061)
|
|
* tls: modularize trusted CA providers (#5784)
|
|
* logging: Automatic `wrap` default for `filter` encoder (#5980)
|
|
* caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
|
|
* caddyfile: Normalize & flatten all unmarshalers (#6037)
|
|
* cmd: reverseproxy: log: use caddy logger (#6042)
|
|
* matchers: `query` now ANDs multiple keys (#6054)
|
|
* caddyfile: Add heredoc support to `fmt` command (#6056)
|
|
* refactor: move automaxprocs init in caddycmd.Main()
|
|
* caddyfile: Allow heredoc blank lines (#6051)
|
|
* httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965)
|
|
* httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
|
|
* fileserver: Implement caddyfile.Unmarshaler interface (#5850)
|
|
* reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
|
|
* caddyhttp: Security enhancements for client IP parsing (#5805)
|
|
* replacer: Fix escaped closing braces (#5995)
|
|
* filesystem: Globally declared filesystems, `fs` directive (#5833)
|
|
* ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
|
|
* httpcaddyfile: Fix redir <to> html (#6001)
|
|
* httpcaddyfile: Support client auth verifiers (#6022)
|
|
* tls: add reuse_private_keys (#6025)
|
|
* reverseproxy: Only change Content-Length when full request is buffered (#5830)
|
|
* Switch Solaris-derivatives away from listen_unix (#6021)
|
|
* build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
|
|
* build(deps): bump actions/setup-go from 4 to 5 (#6012)
|
|
* chore: check against errors of `io/fs` instead of `os` (#6011)
|
|
* caddyhttp: support unix sockets in `caddy respond` command (#6010)
|
|
* fileserver: Add total file size to directory listing (#6003)
|
|
* httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
|
|
* build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
|
|
* cmd: use automaxprocs for better perf in containers (#5711)
|
|
* logging: Add `zap.Option` support (#5944)
|
|
* httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
|
|
* metrics: Record request metrics on HTTP errors (#5979)
|
|
* go.mod: Updated quic-go to v0.40.1 (#5983)
|
|
* fileserver: Enable compression for command by default (#5855)
|
|
* fileserver: New --precompressed flag (#5880)
|
|
* caddyhttp: Add `uuid` to access logs when used (#5859)
|
|
* proxyprotocol: use github.com/pires/go-proxyproto (#5915)
|
|
* cmd: Preserve LastModified date when exporting storage (#5968)
|
|
* core: Always make AppDataDir for InstanceID (#5976)
|
|
* chore: cross-build for AIX (#5971)
|
|
* caddytls: Sync distributed storage cleaning (#5940)
|
|
* caddytls: Context to DecisionFunc (#5923)
|
|
* tls: accept placeholders in string values of certificate loaders (#5963)
|
|
* templates: Offically make templates extensible (#5939)
|
|
* http2 uses new round-robin scheduler (#5946)
|
|
* panic when reading from backend failed to propagate stream error (#5952)
|
|
* chore: Bump otel to v1.21.0. (#5949)
|
|
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
|
|
* fileserver: Add .m4v for browse template icon
|
|
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
|
|
* go.mod: update quic-go version to v0.40.0 (#5922)
|
|
* update quic-go to v0.39.3 (#5918)
|
|
* chore: Fix usage pool comment (#5916)
|
|
* test: acmeserver: add smoke test for the ACME server directory (#5914)
|
|
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
|
|
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
|
|
* go.mod: Upgrade quic-go to v0.39.1
|
|
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
|
|
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
|
|
* httpcaddyfile: Remove port from logger names (#5881)
|
|
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
|
|
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
|
|
* cmd: Add newline character to version string in CLI output (#5895)
|
|
* core: quic listener will manage the underlying socket by itself (#5749)
|
|
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
|
|
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
|
|
* cmd: upgrade: resolve symlink of the executable (#5891)
|
|
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
|
|
|
|
- Packaging improvements:
|
|
* Update to BuildRequires: golang(API) >= 1.21 matching go.mod
|
|
|
|
- CVEs:
|
|
* CVE-2024-22189 (bsc#1222468)
|
|
* CVE-2023-45142
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 31 12:39:10 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
|
|
|
|
- Fix --no-check build
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 6 13:22:22 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Packaging improvements:
|
|
* Remove define github project name components no longer needed
|
|
* Remove define gname and uname for user and group creation, use
|
|
package name macro with identical value
|
|
* Drop BuildRequires: golang-packaging. The original macros for
|
|
file movements into GOPATH are obsolete with Go modules. Macro
|
|
go_nostrip is no longer needed with current binutils and Go.
|
|
* Use autosetup -a 1 to unpack source and vendored dependencies
|
|
* Drop export CGO_ENABLED="0". Use the default unless there is a
|
|
defined requirement or benefit.
|
|
* Build PIE with pattern that may become recommended procedure:
|
|
%%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
|
|
A go toolchain buildmode default config would be preferable
|
|
but none exist at this time.
|
|
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
|
|
* Remove ldflags -s (Omit symbol table and debug info) and -w
|
|
(Omit DWARF symbol table). This information is used to produce
|
|
separate debuginfo packages and binaries are stripped for
|
|
reduced size by GNU strip during RPM build.
|
|
* Add basic %check to execute binary --help
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 6 08:23:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Drop deprecated go_provides macro: even though it tries to guard
|
|
on suse_version <= 1110, it has entirely disarms the dep scanner.
|
|
- Remove the manual user/group provides: the package uses
|
|
sysusers.d; the auto-provides were not working due to the broken
|
|
go_provides.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 5 13:40:52 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
|
|
|
- Provide user and group (due to RPM 4.19)
|
|
- Update caddy.sysusers to also create a group
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 08 02:07:42 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Update to version 2.7.6:
|
|
* caddytls: Sync distributed storage cleaning (#5940)
|
|
* caddytls: Context to DecisionFunc (#5923)
|
|
* tls: accept placeholders in string values of certificate loaders (#5963)
|
|
* templates: Offically make templates extensible (#5939)
|
|
* http2 uses new round-robin scheduler (#5946)
|
|
* panic when reading from backend failed to propagate stream error (#5952)
|
|
* chore: Bump otel to v1.21.0. (#5949)
|
|
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
|
|
* fileserver: Add .m4v for browse template icon
|
|
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
|
|
* go.mod: update quic-go version to v0.40.0 (#5922)
|
|
* update quic-go to v0.39.3 (#5918)
|
|
* chore: Fix usage pool comment (#5916)
|
|
* test: acmeserver: add smoke test for the ACME server directory (#5914)
|
|
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
|
|
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
|
|
* go.mod: Upgrade quic-go to v0.39.1
|
|
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
|
|
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
|
|
* httpcaddyfile: Remove port from logger names (#5881)
|
|
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
|
|
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
|
|
* cmd: Add newline character to version string in CLI output (#5895)
|
|
* core: quic listener will manage the underlying socket by itself (#5749)
|
|
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
|
|
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
|
|
* cmd: upgrade: resolve symlink of the executable (#5891)
|
|
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 13 20:05:08 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Update to version 2.7.5:
|
|
* admin: Respond with 4xx on non-existing config path (#5870)
|
|
* ci: Force the Go version for govulncheck (#5879)
|
|
* fileserver: Set canonical URL on browse template (#5867)
|
|
* tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
|
|
* reverseproxy: Add more debug logs (#5793)
|
|
* reverseproxy: Fix `least_conn` policy regression (#5862)
|
|
* reverseproxy: Add logging for dynamic A upstreams (#5857)
|
|
* reverseproxy: Replace health header placeholders (#5861)
|
|
* httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
|
|
* cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
|
|
* reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
|
|
* reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
|
|
* httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808)
|
|
* encode: Add `application/wasm*` to the default content types (#5869)
|
|
* fileserver: Add command shortcuts `-l` and `-a` (#5854)
|
|
* go.mod: Upgrade dependencies incl. x/net/http
|
|
* templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)
|
|
* reverseproxy: Allow fallthrough for response handlers without routes (#5780)
|
|
* fix: caddytest.AssertResponseCode error message (#5853)
|
|
* build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
|
|
* build(deps): bump actions/checkout from 3 to 4 (#5846)
|
|
* caddyhttp: Use LimitedReader for HTTPRedirectListener
|
|
* fileserver: browse template SVG icons and UI tweaks (#5812)
|
|
* reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
|
|
* httpcaddyfile: fix placeholder shorthands in named routes (#5791)
|
|
* cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
|
|
* ci: Run govulncheck (#5790)
|
|
* logging: query filter for array of strings (#5779)
|
|
* logging: Clone array on log filters, prevent side-effects (#5786)
|
|
* fileserver: Export BrowseTemplate
|
|
* ci: ensure short-sha is exported correctly on all platforms (#5781)
|
|
* caddyfile: Fix case where heredoc marker is empty after newline (#5769)
|
|
* go.mod: Update quic-go to v0.38.0 (#5772)
|
|
* chore: Appease gosec linter (#5777)
|
|
* replacer: change timezone to UTC for "time.now.http" placeholders (#5774)
|
|
* caddyfile: Adjust error formatting (#5765)
|
|
* update quic-go to v0.37.6 (#5767)
|
|
* httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
|
|
* caddyfile: Loosen heredoc parsing (#5761)
|
|
* fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751)
|
|
* fix package typo (#5764)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 21 14:20:37 UTC 2023 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
|
|
|
- Switch to sysuser for user setup
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 17 22:55:36 UTC 2023 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.7.4:
|
|
* go.mod: Upgrade CertMagic and quic-go
|
|
* reverseproxy: Always return new upstreams (fix #5736) (#5752)
|
|
* ci: use gci linter (#5708)
|
|
* fileserver: Slightly more fitting icons
|
|
* cmd: Require config for caddy validate (fix #5612) (#5614)
|
|
* Fix tests
|
|
* caddytls: Update docs for on-demand config
|
|
* fileserver: Don't repeat error for invalid method inside error context (#5705)
|
|
* ci: Update to Go 1.21 (#5719)
|
|
* ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)
|
|
* go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
|
|
* ci: Use gofumpt to format code (#5707)
|
|
* templates: Fix httpInclude (fix #5698)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 17 22:54:37 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Use _service mode manual as better alias name than disabled
|
|
* osc reports service mode disabled as obsolete
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 06 01:06:42 UTC 2023 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.7.3:
|
|
* go.mod: Upgrade to quic-go v0.37.3
|
|
* cmd: Split unix sockets for admin endpoint addresses (#5696)
|
|
* reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)
|
|
* caddyfile: check that matched key is not a substring of the replacement key (#5685)
|
|
* chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691)
|
|
* go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
|
|
* fileserver: browse: Render SVG images in grid
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 04 19:12:07 UTC 2023 - elimat@opensuse.org
|
|
|
|
- Update to version 2.7.2:
|
|
* reverseproxy: Fix hijack ordering which broke websockets (#5679)
|
|
* httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
|
|
* encode: Fix infinite recursion (#5672)
|
|
* caddyhttp: Make use of `http.ResponseController` (#5654)
|
|
* go.mod: Upgrade dependencies esp. smallstep/certificates
|
|
* core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
|
|
* httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
|
|
* reverseproxy: Connection termination cleanup (#5663)
|
|
* go.mod: Use quic-go 0.37.1
|
|
* reverseproxy: Export ipVersions type (#5648)
|
|
* go.mod: Use latest CertMagic (v0.19.1)
|
|
* caddyhttp: Preserve original error (fix #5652)
|
|
* fileserver: add lazy image loading (#5646)
|
|
* go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
|
|
* core: Refine mutex during reloads (fix #5628) (#5645)
|
|
* go.mod: update quic-go to v0.36.2 (#5636)
|
|
* fileserver: Tweak grid view of browse template
|
|
* fileserver: add `export-template` sub-command to `file-server` (#5630)
|
|
* caddyfile: Fix comparing if two tokens are on the same line (#5626)
|
|
* caddytls: Reuse certificate cache through reloads (#5623)
|
|
* Minor tweaks to security.md
|
|
* reverseproxy: Pointer receiver
|
|
* caddyhttp: Trim dot/space only on Windows (fix #5613)
|
|
* update quic-go to v0.36.1 (#5611)
|
|
* caddyconfig: Specify config adapter for HTTP loader (close #5607)
|
|
* core: Embed net.UDPConn to gain optimizations (#5606)
|
|
* chore: remove deprecated property `rlcp` in goreleaser config (#5608)
|
|
* core: Skip `chmod` for abstract unix sockets (#5596)
|
|
* core: Add optional unix socket file permissions (#4741)
|
|
* reverseproxy: Honor `tls_except_port` for active health checks (#5591)
|
|
* Appease linter
|
|
* Fix compile on Windows, hopefully
|
|
* core: Properly preserve unix sockets (fix #5568)
|
|
* go.mod: Upgrade CertMagic for hotfix
|
|
* go.mod: Upgrade some dependencies
|
|
* chore: upgrade otel (#5586)
|
|
* go.mod: Update quic-go to v0.36.0 (#5584)
|
|
* reverseproxy: weighted_round_robin load balancing policy (#5579)
|
|
* reverseproxy: Experimental streaming timeouts (#5567)
|
|
* chore: remove refs of deprecated io/ioutil (#5576)
|
|
* headers: Allow `>` to defer shortcut for replacements (#5574)
|
|
* caddyhttp: Support custom network for HTTP/3 (#5573)
|
|
* reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
|
|
* fileserver: browse: Better grid layout (#5564)
|
|
* caddytls: Clarify some JSON config docs
|
|
* cmd: Implement storage import/export (#5532)
|
|
* go.mod: Upgrade quic-go to 0.35.1
|
|
* update quic-go to v0.35.0 (#5560)
|
|
* templates: Add `readFile` action that does not evaluate templates (#5553)
|
|
* caddyfile: Track import name instead of modifying filename (#5540)
|
|
* core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
|
|
* caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
|
|
* fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
|
|
* fileserver: browse: minor tweaks for grid view, dark mode (#5545)
|
|
* fileserver: Only set Etag if not already set (fix #5546) (#5547)
|
|
* fileserver: Fix file browser breadcrumb font (#5543)
|
|
* caddyhttp: Fix h3 shutdown (#5541)
|
|
* fileserver: More filetypes for browse icons
|
|
* fileserver: Fix file browser footer in grid mode (#5536)
|
|
* cmd: Avoid spammy log messages (fix #5538)
|
|
* httpcaddyfile: Sort Caddyfile slice
|
|
* caddyhttp: Implement named routes, `invoke` directive (#5107)
|
|
* rewrite: use escaped path, fix #5278 (#5504)
|
|
* headers: Add > Caddyfile shortcut for enabling defer (#5535)
|
|
* go.mod: Upgrade several dependencies
|
|
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
|
|
* fileserver: Use EscapedPath for browse (#5534)
|
|
* caddyhttp: Refactor cert Managers (fix #5415) (#5533)
|
|
* Slightly more helpful error message
|
|
* caddytls: Check for nil ALPN; close #5470 (#5473)
|
|
* cmd: Reduce spammy logs from --watch
|
|
* caddyhttp: Add a getter for Server.name (#5531)
|
|
* caddytls: Configurable fallback SNI (#5527)
|
|
* caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
|
|
* Add doc comment about changing admin endpoint
|
|
* feature: watch include directory (#5521)
|
|
* chore: remove deprecated linters (#5525)
|
|
* go.mod: Upgrade CertMagic again
|
|
* go.mod: Upgrade CertMagic
|
|
* reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
|
|
* reverseproxy: Fix active health check header canonicalization, refactor (#5446)
|
|
* reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
|
|
* logging: Actually honor the SoftStart parameter
|
|
* logging: Soft start for net writer (close #5520)
|
|
* fastcgi: Fix `capture_stderr` (#5515)
|
|
* acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
|
|
* go.mod: Update some dependencies
|
|
* logging: Add traceID field to access logs when tracing is active (#5507)
|
|
* caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
|
|
* reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
|
|
* fix some comments (#5508)
|
|
* templates: Add `fileStat` function (#5497)
|
|
* caddyfile: Stricter parsing, error for brace on new line (#5505)
|
|
* core: Return default logger if no modules loaded
|
|
* celmatcher: Implement `pkix.Name` conversion to string (#5492)
|
|
* chore: Adjustments to CI caching (#5495)
|
|
* reverseproxy: Remove deprecated `lookup_srv` (#5396)
|
|
* cmd: Support `'` quotes in envfile parsing (#5437)
|
|
* Update contributing guidelines (#5466)
|
|
* caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
|
|
* reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
|
|
* cmd: Create pidfile before config load (close #5477)
|
|
* fileserver: Add color-scheme meta tag (#5475)
|
|
* build(deps): bump actions/setup-go from 3 to 4 (#5474)
|
|
* proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
|
|
* reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
|
|
* caddyhttp: Log request body bytes read (#5461)
|
|
* log: Make sink logs encodable (#5441)
|
|
* caddytls: Eval replacer on automation policy subjects (#5459)
|
|
* headers: Support deleting all headers as first op (#5464)
|
|
* replacer: Add HTTP time format (#5458)
|
|
* reverseproxy: Header up/down support for CLI command (#5460)
|
|
* caddyhttp: Determine real client IP if trusted proxies configured (#5104)
|
|
* httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
|
|
* caddytls: Zero out throttle window first (#5443)
|
|
* ci: add `--yes` to cosign arguments (#5440)
|
|
* reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
|
|
* caddytls: Allow on-demand w/o ask for internal-only
|
|
* caddytls: Require 'ask' endpoint for on-demand TLS
|
|
* fileserver: New file browse template (#5427)
|
|
* go.mod: Upgrade dependencies
|
|
* tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
|
|
* caddyhttp: Enable 0-RTT QUIC (#5425)
|
|
* encode: flush status code when hijacked. (#5419)
|
|
* fileserver: Remove trailing slash on fs filenames (#5417)
|
|
* core: Eliminate unnecessary shutdown delay on Unix (#5413)
|
|
* caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
|
|
* context: Rename func to `AppIfConfigured` (#5397)
|
|
* reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
|
|
* ci/cd: ship tarballs with vendored deps (#5403)
|
|
* caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
|
|
* caddyfile: Implement heredoc support (#5385)
|
|
* cmd: Expand cobra support, add short flags (#5379)
|
|
* ci: Update minimum Go version to 1.19
|
|
* go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
|
|
* reverseproxy: refactor HTTP transport layer (#5369)
|
|
* caddytls: Relax the warning for on-demand (#5384)
|
|
* cmd: Strict unmarshal for validate (#5383)
|
|
* caddyfile: Implement variadics for import args placeholders (#5249)
|
|
* cmd: make `caddy fmt` hints more clear (#5378)
|
|
* cmd: Adjust documentation for commands (#5377)
|
|
- BuildRequires: golang(API) >= 1.20 for guic-go bump
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Apr 30 18:17:39 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Fix failing build on SLE-12 by defining _sharedstatedir /var/lib
|
|
on SLE-12 consistent with SLE-15, openSUSE and upstream RPM docs.
|
|
* SLE-12 _sharedstatedir was /usr/com, _localstatedir is /var as expected
|
|
* SLE-15+ _sharedstatedir is /var/lib, _localstatedir is /var
|
|
* _sharedstatedir used here as home directory for newly created user caddy
|
|
* If not redefined build fails with empty /usr/com not owned by any package
|
|
* Switch to useradd -d %{_sharedstatedir} from %{_localstatedir}/lib
|
|
The latter is common in Factory packages possibly for historical reasons,
|
|
opt for the less common option here for equivalence and clarity.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Apr 29 22:23:15 UTC 2023 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.6.4:
|
|
* go.mod: Upgrade acmez and x/net
|
|
* reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 09 10:19:47 UTC 2023 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.6.3:
|
|
* New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally
|
|
* Unix sockets on Windows now supported as proxy upstreams
|
|
* Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written)
|
|
* The quic-go package has received significant optimizations and HTTP/3 should be more efficient now
|
|
* CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 19:10:18 UTC 2022 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.6.2:
|
|
* httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
|
|
* httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
|
|
* fileserver: stop listing dir when request context is cancelled (#5131)
|
|
* replacer: working directory global placeholder (#5127)
|
|
* httpcaddyfile: Fix `metrics` global option parsing (#5126)
|
|
* caddyconfig: Implement retries into HTTPLoader (#5077)
|
|
* Fix typo in comment (#5121)
|
|
* logging: Fix `skip_hosts` with wildcards (#5102)
|
|
* caddytest: Revise sleep durations
|
|
* core: Set version manually via CustomVersion (#5072)
|
|
* forwardauth: Canonicalize header fields (fix #5038) (#5097)
|
|
* logging: Perform filtering on arrays of strings (where possible) (#5101)
|
|
* logging: Add `time_local` option to use local time instead of UTC (#5108)
|
|
* fileserver: Treat invalid file path as NotFound (#5099)
|
|
* logging: Better `console` encoder defaults (#5109)
|
|
* httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
|
|
* core: Chdir to executable location on Windows (#5115)
|
|
* ci: enhance the CI/CD flow (#5118)
|
|
* Fix inverted logic in Windows service detection (#5106)
|
|
* fileserver: better dark mode visited link contrast (#5105)
|
|
* go.mod: Upgrade select dependencies
|
|
* caddyhttp: Remote IP prefix placeholders
|
|
* map: Remove infinite recursion check (#5094)
|
|
* reverseproxy: Parse humanized byte size (fix #5095)
|
|
* admin: Use replacer on listen addresses (#5071)
|
|
* core: Fix ListenQUIC listener key conflict
|
|
* reverseproxy: On 103 don't delete own headers (#5091)
|
|
* caddyhttp: replace placeholders in map defaults (#5081)
|
|
* core: Refactor and improve listener logic (#5089)
|
|
* rewrite: Only trim prefix if matched
|
|
* reverseproxy: fix upstream scheme handling in command (#5088)
|
|
* ci: fix integration tests (#5079)
|
|
* headers: Support repeated WriteHeader if 1xx (fix #5074)
|
|
* fastcgi: Redirect using original URI path (fix #5073)
|
|
* ci: extend goreleaser timeout to 1-hour (#5067)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 23 19:30:59 UTC 2022 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.6.1:
|
|
* core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
|
|
* encode: don't WriteHeader unless called (#5060)
|
|
* fileserver: Reinstate --debug flag
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 20 20:44:58 UTC 2022 - jkowalczyk@suse.com
|
|
|
|
- Update to version 2.6.0:
|
|
* httpcaddyfile: Fix `protocols` global option parsing (#5054)
|
|
* caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
|
|
* caddyhttp: Honor grace period in background (#5043)
|
|
* events: Make event data exported
|
|
* caddyhttp: responseRecorder save status in all cases (#5049)
|
|
* caddyhttp: Fix write header on responseRecorder
|
|
* ci: fix the name template of singing certificate and sboms (#5046)
|
|
* core: Variadic Context.Logger(); soft deprecation
|
|
* caddyhttp: Support configuring Server from handler provisioning (#4933)
|
|
* caddyhttp: Support TLS key logging for debugging (#4808)
|
|
* caddyhttp: Make metrics opt-in (#5042)
|
|
* caddytls: Debug log on implicit tailscale error (#5041)
|
|
* caddyhttp: Add --debug flag to commands
|
|
* encode: Fix Accept-Ranges header; HEAD requests (#5039)
|
|
* Reject absurdly long duration strings (fix #4175)
|
|
* Fix #4169 (correct e6c58fd)
|
|
* caddyfile: Prevent infinite nesting on fmt (fix #4175)
|
|
* Limit unclosed placeholder tolerance (fix #4170)
|
|
* reverseproxy: Support repeated --to flags in command (#4693)
|
|
* caddyhttp: Add 'skip_log' var to omit request from logs (#4691)
|
|
* httpcaddyfile: Fix bind when IPv6 is specified with network (#4950)
|
|
* cmd: Improve error message if config missing
|
|
* cmd: Customizable user agent (close #2795)
|
|
* httpcaddyfile: Fix sorting of repeated directives
|
|
* caddyhttp: Very minor optimization to path matcher
|
|
* caddyhttp: Explicitly disallow multiple regexp matchers (#5030)
|
|
* caddytls: Error if placeholder is empty in 'ask'
|
|
* supplychain: publish signing cert, sbom, and signatures of sbom (#5027)
|
|
* go.mod: Update truststore
|
|
* Very minor tweaks
|
|
* core: Check error on ListenQUIC
|
|
* fileserver: Ignore EOF when browsing empty dir
|
|
* caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it. (#5022)
|
|
* cmd: Enhance some help text
|
|
* httpcaddyfile: Add a couple more placeholder shortcuts (#5015)
|
|
* Drop requirement for filesystems to implement fs.StatFS
|
|
* ci: grant the `release` workflow the `write` permission to `contents` (#5017)
|
|
* ci: add `id-token` permission and update the signing command (#5016)
|
|
* go.mod: Upgrade CertMagic (v0.17.1)
|
|
* fileserver: Support glob expansion in file matcher (#4993)
|
|
* caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006)
|
|
* Remove unnecessary error check
|
|
* caddyauth: Speed up basicauth provision, deprecate scrypt (#4720)
|
|
* ci: generate SBOM and sign artifacts using cosign (#4910)
|
|
* reverseproxy: Close hijacked conns on reload/quit (#4895)
|
|
* core: Refactor listeners; use SO_REUSEPORT on Unix (#4705)
|
|
* fastcgi: Optimize FastCGI transport (#4978)
|
|
* Minor style adjustments for HTTP redir logging
|
|
* Update readme
|
|
* Minor fix of error log
|
|
* notify: Don't send ready after error (fix #5003)
|
|
* templates: Document `httpError` function (#4972)
|
|
* fastcgi: allow users to log stderr output (#4967) (#5004)
|
|
* cmd: Don't print long help text on error
|
|
* Fix failing test
|
|
* dist: deb package manpages and bash completion scripts (#5007)
|
|
* caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990)
|
|
* map: Coerce val to string, fix #4987
|
|
* httpcaddyfile: Add shortcut for expression matchers (#4976)
|
|
* caddyhttp: Accept placeholders in vars matcher key
|
|
* core: Plugins can register listener networks (#5002)
|
|
* caddyhttp: Disable draft versions of QUIC
|
|
* events: Tune logging and context cancellation
|
|
* events: Implement event system (#4912)
|
|
* httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001)
|
|
* caddyhttp: Set Content-Type for static response (#4999)
|
|
* cmd: Enhance CLI docs
|
|
* cmd: add completion command (#4994)
|
|
* cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565)
|
|
* Minor cleanup, resolve a couple lint warnings
|
|
* Remove duplicate words in comments (#4986)
|
|
* reverseproxy: Add upstreams healthy metrics (#4935)
|
|
* admin: Don't stop old server if new one fails (#4964)
|
|
* reverseproxy: Multiple dynamic upstreams
|
|
* Fix comment indentation
|
|
* zstd: fix typo in comment (#4985)
|
|
* httpcaddyfile: Add ocsp_interval global option (#4980)
|
|
* caddytls: Log error if ask request fails
|
|
* ci: Increase linter timeout (#4981)
|
|
* templates: cap of slice should not be smaller than length (#4975)
|
|
* caddyhttp: Fix for nil `handlerErr.Err` (#4977)
|
|
* caddyhttp: Set `http.error.message` to the HandlerError message (#4971)
|
|
* go.mod: Upgrade CertMagic to v0.16.3
|
|
* core: Change net.IP to netip.Addr; use netip.Prefix (#4966)
|
|
* Clean up metrics test code
|
|
* caddyhttp: Smarter path matching and rewriting (#4948)
|
|
* fileserver: reset buffer before using it (#4962) (#4963)
|
|
* caddyhttp: Enable HTTP/3 by default (#4707)
|
|
* reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953)
|
|
* reverseproxy: Ignore context cancel in stream mode (#4952)
|
|
* reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951)
|
|
* httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)
|
|
* reverseproxy: Support 1xx status codes (HTTP early hints) (#4882)
|
|
* logging: Fix `cookie` filter (#4943)
|
|
* go.mod: Upgrade OpenTelemetry dependencies (#4937)
|
|
* fileserver: Better fix for Etag of compressed files
|
|
* fileserver: Generate Etag from sidecar file
|
|
* Improve docs for ZeroSSL issuer
|
|
* Replace strings.Index with strings.Cut (#4932)
|
|
* Replace strings.Index usages with strings.Cut (#4930)
|
|
* cmd: Use newly-available version information (#4931)
|
|
* httpserver: Configurable shutdown delay (#4906)
|
|
* go.mod: Upgrade CertMagic and acmez
|
|
* chore: Bump up to Go 1.19, minimum 1.18 (#4925)
|
|
* Oops (sigh)
|
|
* caddyhttp: Implement `caddy respond` command (#4870)
|
|
* fileserver: Support virtual file system in Caddyfile
|
|
* fileserver: Support virtual file systems (#4909)
|
|
* Minor docs clarification
|
|
* core: Windows service integration (#4790)
|
|
* chore: Add .gitattributes to force *.go to LF (#4919)
|
|
* Fix compilation on Windows
|
|
* Ignore linter warnings
|
|
* Fix deprecation notice by using UTF16PtrFromString
|
|
* caddyhttp: Clear out matcher error immediately after grabbing it (#4916)
|
|
* Finish fixing lint errors from ea8df6ff
|
|
* caddytls: Remove PreferServerCipherSuites
|
|
* caddyhttp: Use new CEL APIs (fix #4915)
|
|
* ci: Run golangci-lint on multiple os(#4875) (#4913)
|
|
* go.mod: Upgrade dependencies
|
|
* httpcaddyfile: Detect ambiguous site definitions (fix #4635)
|
|
* caddyhttp: Log shutdown errors, don't return (fix #4908)
|
|
* reverseproxy: Implement read & write timeouts for HTTP transport (#4905)
|
|
* cmd: Fix reload with stdin (#4900)
|
|
* caddyhttp: Enhance comment
|
|
* reverseproxy: Implement retry count, alternative to try_duration (#4756)
|
|
* caddyhttp: Make query matcher more efficient
|
|
* reverseproxy: Export SetScheme() again
|
|
- BuildRequires: golang(API) >= 1.18 for new net/netip package
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- Update to version 2.5.2:
|
|
* admin: expect quoted ETags (#4879)
|
|
* headers: Only replace known placeholders (#4880)
|
|
* reverseproxy: Err 503 if all upstreams unavailable
|
|
* reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
|
|
* fileserver: Use safe redirects in file browser
|
|
* admin: support ETag on config endpoints (#4579)
|
|
* go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
|
|
* caddytls: Reuse issuer between PreCheck and Issue (#4866)
|
|
* admin: Implement /adapt endpoint (close #4465) (#4846)
|
|
* forwardauth: Fix case when `copy_headers` is omitted (#4856)
|
|
* Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
|
|
* reverseproxy: Fix double headers in response handlers (#4847)
|
|
* reverseproxy: Fix panic when TLS is not configured (#4848)
|
|
* reverseproxy: Skip TLS for certain configured ports (#4843)
|
|
* go.mod: Update some dependencies
|
|
* forwardauth: Support renaming copied headers, block support (#4783)
|
|
* Add comment about xcaddy to main
|
|
* headers: Support wildcards for delete ops (close #4830) (#4831)
|
|
* reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
|
|
* reverseproxy: Make TLS renegotiation optional
|
|
* reverseproxy: Add renegotiation param in TLS client (#4784)
|
|
* caddyhttp: Log error from CEL evaluation (fix #4832)
|
|
* reverseproxy: Correct the `tls_server_name` docs (#4827)
|
|
* reverseproxy: HTTP 504 for upstream timeouts (#4824)
|
|
* caddytls: Make peer certificate verification pluggable (#4389)
|
|
* reverseproxy: api: Remove misleading 'healthy' value
|
|
* go.mod: Update go-yaml to v3
|
|
* Fix #4822 and fix #4779
|
|
* reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
|
|
* ci: Fix build caching on Windows (#4811)
|
|
* templates: Add `humanize` function (#4767)
|
|
* core: Micro-optim in run() (#4810)
|
|
* go.mod: Upgrade some dependencies
|
|
* httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
|
|
* templates: Documentation consistency (#4796)
|
|
* chore: Bump quic-go to v0.27.0 (#4782)
|
|
* reverseproxy: Support http1.1>h2c (close #4777) (#4778)
|
|
* rewrite: Handle fragment before query (fix #4775) [bsc#1201822, CVE-2022-34037]
|
|
* httpcaddyfile: Support multiple values for `default_bind` (#4774)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.5.1:
|
|
* Fixed regression in Unix socket admin endpoints.
|
|
* Fixed regression in caddy trust commands.
|
|
* Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
|
|
use an improved highest-random-weight (HRW) algorithm for increased
|
|
consistency.
|
|
* Dynamic upstreams, which is the ability to get the list of upstreams at
|
|
every request (more specifically, every iteration in the proxy loop of
|
|
every request) rather than just once at config-load time.
|
|
* Caddy will automatically try to get relevant certificates from the local
|
|
Tailscale instance.
|
|
* New OpenTelemetry integration.
|
|
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
|
|
getting information about Caddy's managed CAs.
|
|
* Rename _caddy to zsh-completion
|
|
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.6:
|
|
* caddycmd: Add `--keep-backup` to upgrade commands (#4387)
|
|
* caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
|
|
* caddycmd: fix caddy validate/fmt help message (#4377)
|
|
* caddyhttp: Add support for triggering errors from `try_files` (#4346)
|
|
* caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
|
|
* caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
|
|
* caddyhttp: Sanitize the path before evaluating path matchers (#4407)
|
|
* caddytls: Mark storage clean timestamp at end of routine (#4401)
|
|
* docs: General minor improvements
|
|
* fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
|
|
* fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
|
|
* fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
|
|
* fileserver: Fix displayed file size if it is symlink (#4354)
|
|
* fileserver: Make file listing links purple once visited (#4356)
|
|
* fileserver: Prevent focusing filter from scrolling on page load (#4393)
|
|
* fileserver: properly handle escaped/non-ascii paths (#4332)
|
|
* headers: Canonicalize case in replace (fix #4330)
|
|
* httpcaddyfile: Empty tls policy for internal http localhost (#4398)
|
|
* httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
|
|
* map: Fix 95c03506 (avoid repeated expansions)
|
|
* map: Fix regex mappings
|
|
* reverseproxy: Log error at error level (fix #4360)
|
|
* reverseproxy: Prevent copying the response if a response handler ran (#4388)
|
|
* reverseproxy: Sanitize scheme and host on incoming requests (#4237)
|
|
* templates: Add 'import' action (#4321)
|
|
* templates: Add tests for funcInclude and funcImport (#4357)
|
|
* templates: Propagate httpError to HTTP response
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
|
|
|
|
- Update to version 2.4.5:
|
|
* Hotfix for a regression introduced in 2.4.4 related to
|
|
combining the encode and reverse_proxy directives.
|
|
* cmd: export CaddyVersion(), Commands()
|
|
* encode: ignore flushing until after first write
|
|
* go.mod: Update CertMagic
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.4:
|
|
* acmeserver: Don't set host for directory links by default
|
|
* acmeserver: Trim slashes from path prefix
|
|
* admin: Implement load_interval to pull config on a timer
|
|
* admin: Replace admin cert cache when reloading
|
|
* admin: Sync server variables
|
|
* caddyfile: Better error message for missing site block braces
|
|
* caddyfile: Error on invalid site addresses containing comma
|
|
* caddyfile: keep error chain info in Dispenser.Errf
|
|
* caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
|
|
* caddyhttp: Fix incorrect determination of gRPC protocol
|
|
* caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
|
|
* caddyhttp: Updated the documentation for MatchQuery
|
|
* caddytls: Add Caddyfile support for propagation_timeout
|
|
* caddytls: Remove "IssuerRaw" field
|
|
* cmd: Fix paths when using an env file
|
|
* cmd: New add-package and remove-package commands
|
|
* cmd: use net.ErrClosed for matching returned error
|
|
* core: Unix ns and Unix ms time placeholders
|
|
* encode: Tweak compression settings
|
|
* fileserver: Add disable_canonical_uris Caddyfile subdirective
|
|
* fileserver: Clarify docs about canonicalization
|
|
* fileserver: Don't persist parsed template
|
|
* fileserver: Fix browse name_dir_first sorting
|
|
* fileserver: Fix browse not redirecting query parameters
|
|
* fileserver: Only redirect if filename not rewritten
|
|
* fileserver: Redirect within the original URL
|
|
* go.mod: Update dependencies
|
|
* httpcaddyfile: Add preferred_chains global option and issuer subdirective
|
|
* httpcaddyfile: Add shortcut for proxy hostport placeholder
|
|
* httpcaddyfile: Add skip_install_trust global option
|
|
* httpcaddyfile: Don't add HTTP hosts to TLS APs
|
|
* httpcaddyfile: Don't put localhost in public APs
|
|
* httpcaddyfile: Ensure hosts to skip for logs can always be collected
|
|
* httpcaddyfile: Improve unrecognized directive errors
|
|
* httpcaddyfile: Reorder some directives
|
|
* logging: Actually use level_key
|
|
* logging: Add missing interface guards for replace filter
|
|
* logging: Prep for common_log removal
|
|
* logging: Warn for deprecated single_field encoder
|
|
* metrics: use buildinfo collector from new collectors pkg
|
|
* reverseproxy: Adjust test related to #4201
|
|
* reverseproxy: Always remove hop-by-hop headers
|
|
* reverseproxy: Fix overwriting of max_idle_conns_per_host
|
|
* reverseproxy: Incorporate latest proxy changes from stdlib
|
|
* reverseproxy: Keep path to unix socket as dial address
|
|
* reverseproxy: Remove redundant flushing
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s). Modified:
|
|
* caddy.service
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.1:
|
|
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
|
|
* admin: Reinstate internal redirect for /id/ requests
|
|
* caddyfile: Add parse error on site address with trailing `{` (#4163)
|
|
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
|
|
* ci: Run CI on PRs targeting minor version branches (#4164)
|
|
* cmd: upgrade: inherit the permissions of the original executable (#4160)
|
|
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
|
|
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
|
|
* encode: Drop `prefer` from Caddyfile (#4156)
|
|
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
|
|
* caddytls: Run replacer on ask URL, for env vars (#4154)
|
|
* httpcaddyfile: Add `grace_period` global option (#4152)
|
|
* caddyhttp: Fix fallback for the error handler chain (#4131)
|
|
* reverseproxy: Minor logging improvements
|
|
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
|
|
* go.mod: CertMagic v0.13.1
|
|
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
|
|
* cmd: Add --envfile flag to `start` command (#4141)
|
|
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
|
|
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
|
|
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
|
|
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
|
|
* caddytls: Implement remote IP connection matcher (#4123)
|
|
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
|
|
* reverseproxy: fix hash selection policy (#4137)
|
|
* fileserver: Better handling of HTTP status override (#4132)
|
|
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
|
|
* caddytls: Add `load_storage` module (#4055)
|
|
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
|
|
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
|
|
* httpcaddyfile: Take into account host scheme/port (fix #4113)
|
|
* fuzz: fix the FuzzFormat comparison (#4117)
|
|
* caddytls: Disable OCSP stapling for manual certs (#4064)
|
|
* caddytls: Configurable storage clean interval
|
|
* caddyfile: reject cyclic imports (#4022)
|
|
* ci: fuzz: add 4 more fuzzing targets (#4105)
|
|
* fileserver: Add status code override (#4076)
|
|
* notify: Send all sd_notify signals from main caddy process (#4060)
|
|
* go.mod: Update quic-go to v0.20.1 (#4075)
|
|
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
|
|
* caddyfile: Normalize line endings before comparing fmt result (#4103)
|
|
* ci: accommodate go1.16 changes to go mod (#4102)
|
|
* Minor tweaks
|
|
* go.mod: Use latest CertMagic
|
|
* Use 600 instead of 644 for UUID file
|
|
* Change os to ioutil for now
|
|
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
|
|
* caddy: Add InstanceID() method
|
|
* encode,staticfiles: Content negotiation, precompressed files (#4045)
|
|
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
|
|
* go.mod: Migrate to golang.org/x/term (#4073)
|
|
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
|
|
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
|
|
* cmd: Use formatted logger for config adapter warnings (#4080)
|
|
* cmd: main: fix minor doc typos (#4082)
|
|
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
|
|
* .gitignore: add IDE files (#4087)
|
|
* fileserver: Add a few more debug lines (#4063)
|
|
* fileserver: Browse listing supports dark mode (#4066)
|
|
* CONTRIBUTING: fix spelling (#4070)
|
|
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
|
|
* logging: add replace filter for static value replacement (#4029)
|
|
* caddyconfig: add global option for configuring loggers (#4028)
|
|
* map: Accept regex substitution in outputs (#3991)
|
|
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
|
|
* rewrite: Implement regex path replacements
|
|
* fileserver: Don't replace in request paths (fix #4027)
|
|
* caddypki: Add SignWithRoot option for ACME server
|
|
* reverseproxy: Fix round robin data race (#4038)
|
|
* Update docs; commit setcap.sh
|
|
* go.mod: Latest CertMagic (updated libdns conventions)
|
|
* core: Initialize logging before admin
|
|
* caddytls: Remove old asset migration code (close #3894)
|
|
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
|
|
* httpcaddyfile: Fix catch-all site block sorting
|
|
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
|
|
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
|
|
* Improve security warnings
|
|
* httpcaddyfile: Configure other apps from global options (#3990)
|
|
* cmd: Clean up `build-info` and `upgrade` output
|
|
* caddyhttp: Support placeholders in header matcher values (close #3916)
|
|
* caddytls: Save email with account if not already specified
|
|
* reverseproxy: Response buffering & configurable buffer size
|
|
* httpcaddyfile: Fix automation policies
|
|
* ci: deflake integration tests (#3966)
|
|
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
|
|
* acmeserver: Support custom CAs from Caddyfile
|
|
* caddyhttp: Check for invalid subdirectives of static_response
|
|
* httpcaddyfile: Fix default issuers when email provided
|
|
* cmd: Add --force flag to reload command (close #4005)
|
|
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
|
|
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
|
|
* ci: update the command to run tests on the s390x machine (#3995)
|
|
* caddyhttp: Fix redir html status code, improve flow (#3987)
|
|
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
|
|
* admin: Identity management, remote admin, config loaders (#3994)
|
|
* caddycmd: Add upgrade command (#3972)
|
|
* Revert "requestbody: Allow overwriting remote address"
|
|
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
|
|
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
|
|
* cmd: Print more detailed version with --environ
|
|
* map: Add missing json struct tag
|
|
* tests: use actual admin port value in error message (#3973)
|
|
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
|
|
* templates: Add fileExists and httpError template actions
|
|
* requestbody: Allow overwriting remote address
|
|
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
|
|
* Update docs
|
|
* caddytls: Configurable OCSP stapling; global option (closes #3714)
|
|
* logging: Remove logfmt encoder (close #3575)
|
|
* httpcaddyfile: Support repeated use of cert_issuer global option
|
|
* caddytls: add 'key_type' subdirective (#3956)
|
|
* caddyfile: Refactor unmarshaling of module tokens
|
|
* go.mod: Update CertMagic and acmez (improved IDN support)
|
|
* reverseproxy: Caddyfile health check headers, host header support (#3948)
|
|
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
|
|
* cmd: Organize list-modules output; --packages flag (#3925)
|
|
* caddyfile: Introduce basic linting and fmt check (#3923)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
|
|
|
- Create Caddy package
|