Alexandre Vicenzi
697971ca6a
Add mention to CVE fixed in 2.5.0 OBS-URL: https://build.opensuse.org/request/show/981170 OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=12
247 lines
13 KiB
Plaintext
247 lines
13 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.5.1:
|
|
* Fixed regression in Unix socket admin endpoints.
|
|
* Fixed regression in caddy trust commands.
|
|
* Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
|
|
use an improved highest-random-weight (HRW) algorithm for increased
|
|
consistency.
|
|
* Dynamic upstreams, which is the ability to get the list of upstreams at
|
|
every request (more specifically, every iteration in the proxy loop of
|
|
every request) rather than just once at config-load time.
|
|
* Caddy will automatically try to get relevant certificates from the local
|
|
Tailscale instance.
|
|
* New OpenTelemetry integration.
|
|
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
|
|
getting information about Caddy's managed CAs.
|
|
* Rename _caddy to zsh-completion
|
|
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.6:
|
|
* caddycmd: Add `--keep-backup` to upgrade commands (#4387)
|
|
* caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
|
|
* caddycmd: fix caddy validate/fmt help message (#4377)
|
|
* caddyhttp: Add support for triggering errors from `try_files` (#4346)
|
|
* caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
|
|
* caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
|
|
* caddyhttp: Sanitize the path before evaluating path matchers (#4407)
|
|
* caddytls: Mark storage clean timestamp at end of routine (#4401)
|
|
* docs: General minor improvements
|
|
* fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
|
|
* fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
|
|
* fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
|
|
* fileserver: Fix displayed file size if it is symlink (#4354)
|
|
* fileserver: Make file listing links purple once visited (#4356)
|
|
* fileserver: Prevent focusing filter from scrolling on page load (#4393)
|
|
* fileserver: properly handle escaped/non-ascii paths (#4332)
|
|
* headers: Canonicalize case in replace (fix #4330)
|
|
* httpcaddyfile: Empty tls policy for internal http localhost (#4398)
|
|
* httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
|
|
* map: Fix 95c03506 (avoid repeated expansions)
|
|
* map: Fix regex mappings
|
|
* reverseproxy: Log error at error level (fix #4360)
|
|
* reverseproxy: Prevent copying the response if a response handler ran (#4388)
|
|
* reverseproxy: Sanitize scheme and host on incoming requests (#4237)
|
|
* templates: Add 'import' action (#4321)
|
|
* templates: Add tests for funcInclude and funcImport (#4357)
|
|
* templates: Propagate httpError to HTTP response
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
|
|
|
|
- Update to version 2.4.5:
|
|
* Hotfix for a regression introduced in 2.4.4 related to
|
|
combining the encode and reverse_proxy directives.
|
|
* cmd: export CaddyVersion(), Commands()
|
|
* encode: ignore flushing until after first write
|
|
* go.mod: Update CertMagic
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.4:
|
|
* acmeserver: Don't set host for directory links by default
|
|
* acmeserver: Trim slashes from path prefix
|
|
* admin: Implement load_interval to pull config on a timer
|
|
* admin: Replace admin cert cache when reloading
|
|
* admin: Sync server variables
|
|
* caddyfile: Better error message for missing site block braces
|
|
* caddyfile: Error on invalid site addresses containing comma
|
|
* caddyfile: keep error chain info in Dispenser.Errf
|
|
* caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
|
|
* caddyhttp: Fix incorrect determination of gRPC protocol
|
|
* caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
|
|
* caddyhttp: Updated the documentation for MatchQuery
|
|
* caddytls: Add Caddyfile support for propagation_timeout
|
|
* caddytls: Remove "IssuerRaw" field
|
|
* cmd: Fix paths when using an env file
|
|
* cmd: New add-package and remove-package commands
|
|
* cmd: use net.ErrClosed for matching returned error
|
|
* core: Unix ns and Unix ms time placeholders
|
|
* encode: Tweak compression settings
|
|
* fileserver: Add disable_canonical_uris Caddyfile subdirective
|
|
* fileserver: Clarify docs about canonicalization
|
|
* fileserver: Don't persist parsed template
|
|
* fileserver: Fix browse name_dir_first sorting
|
|
* fileserver: Fix browse not redirecting query parameters
|
|
* fileserver: Only redirect if filename not rewritten
|
|
* fileserver: Redirect within the original URL
|
|
* go.mod: Update dependencies
|
|
* httpcaddyfile: Add preferred_chains global option and issuer subdirective
|
|
* httpcaddyfile: Add shortcut for proxy hostport placeholder
|
|
* httpcaddyfile: Add skip_install_trust global option
|
|
* httpcaddyfile: Don't add HTTP hosts to TLS APs
|
|
* httpcaddyfile: Don't put localhost in public APs
|
|
* httpcaddyfile: Ensure hosts to skip for logs can always be collected
|
|
* httpcaddyfile: Improve unrecognized directive errors
|
|
* httpcaddyfile: Reorder some directives
|
|
* logging: Actually use level_key
|
|
* logging: Add missing interface guards for replace filter
|
|
* logging: Prep for common_log removal
|
|
* logging: Warn for deprecated single_field encoder
|
|
* metrics: use buildinfo collector from new collectors pkg
|
|
* reverseproxy: Adjust test related to #4201
|
|
* reverseproxy: Always remove hop-by-hop headers
|
|
* reverseproxy: Fix overwriting of max_idle_conns_per_host
|
|
* reverseproxy: Incorporate latest proxy changes from stdlib
|
|
* reverseproxy: Keep path to unix socket as dial address
|
|
* reverseproxy: Remove redundant flushing
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s). Modified:
|
|
* caddy.service
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com
|
|
|
|
- Update to version 2.4.1:
|
|
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
|
|
* admin: Reinstate internal redirect for /id/ requests
|
|
* caddyfile: Add parse error on site address with trailing `{` (#4163)
|
|
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
|
|
* ci: Run CI on PRs targeting minor version branches (#4164)
|
|
* cmd: upgrade: inherit the permissions of the original executable (#4160)
|
|
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
|
|
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
|
|
* encode: Drop `prefer` from Caddyfile (#4156)
|
|
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
|
|
* caddytls: Run replacer on ask URL, for env vars (#4154)
|
|
* httpcaddyfile: Add `grace_period` global option (#4152)
|
|
* caddyhttp: Fix fallback for the error handler chain (#4131)
|
|
* reverseproxy: Minor logging improvements
|
|
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
|
|
* go.mod: CertMagic v0.13.1
|
|
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
|
|
* cmd: Add --envfile flag to `start` command (#4141)
|
|
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
|
|
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
|
|
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
|
|
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
|
|
* caddytls: Implement remote IP connection matcher (#4123)
|
|
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
|
|
* reverseproxy: fix hash selection policy (#4137)
|
|
* fileserver: Better handling of HTTP status override (#4132)
|
|
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
|
|
* caddytls: Add `load_storage` module (#4055)
|
|
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
|
|
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
|
|
* httpcaddyfile: Take into account host scheme/port (fix #4113)
|
|
* fuzz: fix the FuzzFormat comparison (#4117)
|
|
* caddytls: Disable OCSP stapling for manual certs (#4064)
|
|
* caddytls: Configurable storage clean interval
|
|
* caddyfile: reject cyclic imports (#4022)
|
|
* ci: fuzz: add 4 more fuzzing targets (#4105)
|
|
* fileserver: Add status code override (#4076)
|
|
* notify: Send all sd_notify signals from main caddy process (#4060)
|
|
* go.mod: Update quic-go to v0.20.1 (#4075)
|
|
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
|
|
* caddyfile: Normalize line endings before comparing fmt result (#4103)
|
|
* ci: accommodate go1.16 changes to go mod (#4102)
|
|
* Minor tweaks
|
|
* go.mod: Use latest CertMagic
|
|
* Use 600 instead of 644 for UUID file
|
|
* Change os to ioutil for now
|
|
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
|
|
* caddy: Add InstanceID() method
|
|
* encode,staticfiles: Content negotiation, precompressed files (#4045)
|
|
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
|
|
* go.mod: Migrate to golang.org/x/term (#4073)
|
|
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
|
|
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
|
|
* cmd: Use formatted logger for config adapter warnings (#4080)
|
|
* cmd: main: fix minor doc typos (#4082)
|
|
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
|
|
* .gitignore: add IDE files (#4087)
|
|
* fileserver: Add a few more debug lines (#4063)
|
|
* fileserver: Browse listing supports dark mode (#4066)
|
|
* CONTRIBUTING: fix spelling (#4070)
|
|
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
|
|
* logging: add replace filter for static value replacement (#4029)
|
|
* caddyconfig: add global option for configuring loggers (#4028)
|
|
* map: Accept regex substitution in outputs (#3991)
|
|
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
|
|
* rewrite: Implement regex path replacements
|
|
* fileserver: Don't replace in request paths (fix #4027)
|
|
* caddypki: Add SignWithRoot option for ACME server
|
|
* reverseproxy: Fix round robin data race (#4038)
|
|
* Update docs; commit setcap.sh
|
|
* go.mod: Latest CertMagic (updated libdns conventions)
|
|
* core: Initialize logging before admin
|
|
* caddytls: Remove old asset migration code (close #3894)
|
|
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
|
|
* httpcaddyfile: Fix catch-all site block sorting
|
|
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
|
|
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
|
|
* Improve security warnings
|
|
* httpcaddyfile: Configure other apps from global options (#3990)
|
|
* cmd: Clean up `build-info` and `upgrade` output
|
|
* caddyhttp: Support placeholders in header matcher values (close #3916)
|
|
* caddytls: Save email with account if not already specified
|
|
* reverseproxy: Response buffering & configurable buffer size
|
|
* httpcaddyfile: Fix automation policies
|
|
* ci: deflake integration tests (#3966)
|
|
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
|
|
* acmeserver: Support custom CAs from Caddyfile
|
|
* caddyhttp: Check for invalid subdirectives of static_response
|
|
* httpcaddyfile: Fix default issuers when email provided
|
|
* cmd: Add --force flag to reload command (close #4005)
|
|
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
|
|
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
|
|
* ci: update the command to run tests on the s390x machine (#3995)
|
|
* caddyhttp: Fix redir html status code, improve flow (#3987)
|
|
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
|
|
* admin: Identity management, remote admin, config loaders (#3994)
|
|
* caddycmd: Add upgrade command (#3972)
|
|
* Revert "requestbody: Allow overwriting remote address"
|
|
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
|
|
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
|
|
* cmd: Print more detailed version with --environ
|
|
* map: Add missing json struct tag
|
|
* tests: use actual admin port value in error message (#3973)
|
|
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
|
|
* templates: Add fileExists and httpError template actions
|
|
* requestbody: Allow overwriting remote address
|
|
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
|
|
* Update docs
|
|
* caddytls: Configurable OCSP stapling; global option (closes #3714)
|
|
* logging: Remove logfmt encoder (close #3575)
|
|
* httpcaddyfile: Support repeated use of cert_issuer global option
|
|
* caddytls: add 'key_type' subdirective (#3956)
|
|
* caddyfile: Refactor unmarshaling of module tokens
|
|
* go.mod: Update CertMagic and acmez (improved IDN support)
|
|
* reverseproxy: Caddyfile health check headers, host header support (#3948)
|
|
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
|
|
* cmd: Organize list-modules output; --packages flag (#3925)
|
|
* caddyfile: Introduce basic linting and fmt check (#3923)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
|
|
|
- Create Caddy package
|