caddy/caddy.changes
Alexandre Vicenzi cfa7c1a6a5 Accepting request 989489 from home:dirkmueller:Factory
- Update to version 2.5.2:
  * admin: expect quoted ETags (#4879)
  * headers: Only replace known placeholders (#4880)
  * reverseproxy: Err 503 if all upstreams unavailable
  * reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
  * fileserver: Use safe redirects in file browser
  * admin: support ETag on config endpoints (#4579)
  * go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
  * caddytls: Reuse issuer between PreCheck and Issue (#4866)
  * admin: Implement /adapt endpoint (close #4465) (#4846)
  * forwardauth: Fix case when `copy_headers` is omitted (#4856)
  * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
  * reverseproxy: Fix double headers in response handlers (#4847)
  * reverseproxy: Fix panic when TLS is not configured (#4848)
  * reverseproxy: Skip TLS for certain configured ports (#4843)
  * go.mod: Update some dependencies
  * forwardauth: Support renaming copied headers, block support (#4783)
  * Add comment about xcaddy to main
  * headers: Support wildcards for delete ops (close #4830) (#4831)
  * reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
  * reverseproxy: Make TLS renegotiation optional
  * reverseproxy: Add renegotiation param in TLS client (#4784)
  * caddyhttp: Log error from CEL evaluation (fix #4832)
  * reverseproxy: Correct the `tls_server_name` docs (#4827)
  * reverseproxy: HTTP 504 for upstream timeouts (#4824)
  * caddytls: Make peer certificate verification pluggable (#4389)
  * reverseproxy: api: Remove misleading 'healthy' value
  * go.mod: Update go-yaml to v3
  * Fix #4822 and fix #4779
  * reverseproxy: Add --internal-certs CLI flag #3589 (#4817)

OBS-URL: https://build.opensuse.org/request/show/989489
OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=14
2022-07-19 11:44:45 +00:00

291 lines
15 KiB
Plaintext

-------------------------------------------------------------------
Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- Update to version 2.5.2:
* admin: expect quoted ETags (#4879)
* headers: Only replace known placeholders (#4880)
* reverseproxy: Err 503 if all upstreams unavailable
* reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
* fileserver: Use safe redirects in file browser
* admin: support ETag on config endpoints (#4579)
* go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
* caddytls: Reuse issuer between PreCheck and Issue (#4866)
* admin: Implement /adapt endpoint (close #4465) (#4846)
* forwardauth: Fix case when `copy_headers` is omitted (#4856)
* Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
* reverseproxy: Fix double headers in response handlers (#4847)
* reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Skip TLS for certain configured ports (#4843)
* go.mod: Update some dependencies
* forwardauth: Support renaming copied headers, block support (#4783)
* Add comment about xcaddy to main
* headers: Support wildcards for delete ops (close #4830) (#4831)
* reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
* reverseproxy: Make TLS renegotiation optional
* reverseproxy: Add renegotiation param in TLS client (#4784)
* caddyhttp: Log error from CEL evaluation (fix #4832)
* reverseproxy: Correct the `tls_server_name` docs (#4827)
* reverseproxy: HTTP 504 for upstream timeouts (#4824)
* caddytls: Make peer certificate verification pluggable (#4389)
* reverseproxy: api: Remove misleading 'healthy' value
* go.mod: Update go-yaml to v3
* Fix #4822 and fix #4779
* reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
* ci: Fix build caching on Windows (#4811)
* templates: Add `humanize` function (#4767)
* core: Micro-optim in run() (#4810)
* go.mod: Upgrade some dependencies
* httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
* templates: Documentation consistency (#4796)
* chore: Bump quic-go to v0.27.0 (#4782)
* reverseproxy: Support http1.1>h2c (close #4777) (#4778)
* rewrite: Handle fragment before query (fix #4775)
* httpcaddyfile: Support multiple values for `default_bind` (#4774)
-------------------------------------------------------------------
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.5.1:
* Fixed regression in Unix socket admin endpoints.
* Fixed regression in caddy trust commands.
* Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
use an improved highest-random-weight (HRW) algorithm for increased
consistency.
* Dynamic upstreams, which is the ability to get the list of upstreams at
every request (more specifically, every iteration in the proxy loop of
every request) rather than just once at config-load time.
* Caddy will automatically try to get relevant certificates from the local
Tailscale instance.
* New OpenTelemetry integration.
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs.
* Rename _caddy to zsh-completion
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
-------------------------------------------------------------------
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.4.6:
* caddycmd: Add `--keep-backup` to upgrade commands (#4387)
* caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
* caddycmd: fix caddy validate/fmt help message (#4377)
* caddyhttp: Add support for triggering errors from `try_files` (#4346)
* caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
* caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
* caddyhttp: Sanitize the path before evaluating path matchers (#4407)
* caddytls: Mark storage clean timestamp at end of routine (#4401)
* docs: General minor improvements
* fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
* fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
* fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
* fileserver: Fix displayed file size if it is symlink (#4354)
* fileserver: Make file listing links purple once visited (#4356)
* fileserver: Prevent focusing filter from scrolling on page load (#4393)
* fileserver: properly handle escaped/non-ascii paths (#4332)
* headers: Canonicalize case in replace (fix #4330)
* httpcaddyfile: Empty tls policy for internal http localhost (#4398)
* httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
* map: Fix 95c03506 (avoid repeated expansions)
* map: Fix regex mappings
* reverseproxy: Log error at error level (fix #4360)
* reverseproxy: Prevent copying the response if a response handler ran (#4388)
* reverseproxy: Sanitize scheme and host on incoming requests (#4237)
* templates: Add 'import' action (#4321)
* templates: Add tests for funcInclude and funcImport (#4357)
* templates: Propagate httpError to HTTP response
-------------------------------------------------------------------
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.4.5:
* Hotfix for a regression introduced in 2.4.4 related to
combining the encode and reverse_proxy directives.
* cmd: export CaddyVersion(), Commands()
* encode: ignore flushing until after first write
* go.mod: Update CertMagic
-------------------------------------------------------------------
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.4:
* acmeserver: Don't set host for directory links by default
* acmeserver: Trim slashes from path prefix
* admin: Implement load_interval to pull config on a timer
* admin: Replace admin cert cache when reloading
* admin: Sync server variables
* caddyfile: Better error message for missing site block braces
* caddyfile: Error on invalid site addresses containing comma
* caddyfile: keep error chain info in Dispenser.Errf
* caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
* caddyhttp: Fix incorrect determination of gRPC protocol
* caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
* caddyhttp: Updated the documentation for MatchQuery
* caddytls: Add Caddyfile support for propagation_timeout
* caddytls: Remove "IssuerRaw" field
* cmd: Fix paths when using an env file
* cmd: New add-package and remove-package commands
* cmd: use net.ErrClosed for matching returned error
* core: Unix ns and Unix ms time placeholders
* encode: Tweak compression settings
* fileserver: Add disable_canonical_uris Caddyfile subdirective
* fileserver: Clarify docs about canonicalization
* fileserver: Don't persist parsed template
* fileserver: Fix browse name_dir_first sorting
* fileserver: Fix browse not redirecting query parameters
* fileserver: Only redirect if filename not rewritten
* fileserver: Redirect within the original URL
* go.mod: Update dependencies
* httpcaddyfile: Add preferred_chains global option and issuer subdirective
* httpcaddyfile: Add shortcut for proxy hostport placeholder
* httpcaddyfile: Add skip_install_trust global option
* httpcaddyfile: Don't add HTTP hosts to TLS APs
* httpcaddyfile: Don't put localhost in public APs
* httpcaddyfile: Ensure hosts to skip for logs can always be collected
* httpcaddyfile: Improve unrecognized directive errors
* httpcaddyfile: Reorder some directives
* logging: Actually use level_key
* logging: Add missing interface guards for replace filter
* logging: Prep for common_log removal
* logging: Warn for deprecated single_field encoder
* metrics: use buildinfo collector from new collectors pkg
* reverseproxy: Adjust test related to #4201
* reverseproxy: Always remove hop-by-hop headers
* reverseproxy: Fix overwriting of max_idle_conns_per_host
* reverseproxy: Incorporate latest proxy changes from stdlib
* reverseproxy: Keep path to unix socket as dial address
* reverseproxy: Remove redundant flushing
-------------------------------------------------------------------
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Modified:
* caddy.service
-------------------------------------------------------------------
Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.1:
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
* admin: Reinstate internal redirect for /id/ requests
* caddyfile: Add parse error on site address with trailing `{` (#4163)
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
* ci: Run CI on PRs targeting minor version branches (#4164)
* cmd: upgrade: inherit the permissions of the original executable (#4160)
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
* encode: Drop `prefer` from Caddyfile (#4156)
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
* caddytls: Run replacer on ask URL, for env vars (#4154)
* httpcaddyfile: Add `grace_period` global option (#4152)
* caddyhttp: Fix fallback for the error handler chain (#4131)
* reverseproxy: Minor logging improvements
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
* go.mod: CertMagic v0.13.1
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
* cmd: Add --envfile flag to `start` command (#4141)
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
* caddytls: Implement remote IP connection matcher (#4123)
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
* reverseproxy: fix hash selection policy (#4137)
* fileserver: Better handling of HTTP status override (#4132)
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
* caddytls: Add `load_storage` module (#4055)
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
* httpcaddyfile: Take into account host scheme/port (fix #4113)
* fuzz: fix the FuzzFormat comparison (#4117)
* caddytls: Disable OCSP stapling for manual certs (#4064)
* caddytls: Configurable storage clean interval
* caddyfile: reject cyclic imports (#4022)
* ci: fuzz: add 4 more fuzzing targets (#4105)
* fileserver: Add status code override (#4076)
* notify: Send all sd_notify signals from main caddy process (#4060)
* go.mod: Update quic-go to v0.20.1 (#4075)
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
* caddyfile: Normalize line endings before comparing fmt result (#4103)
* ci: accommodate go1.16 changes to go mod (#4102)
* Minor tweaks
* go.mod: Use latest CertMagic
* Use 600 instead of 644 for UUID file
* Change os to ioutil for now
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
* caddy: Add InstanceID() method
* encode,staticfiles: Content negotiation, precompressed files (#4045)
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
* go.mod: Migrate to golang.org/x/term (#4073)
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
* cmd: Use formatted logger for config adapter warnings (#4080)
* cmd: main: fix minor doc typos (#4082)
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
* .gitignore: add IDE files (#4087)
* fileserver: Add a few more debug lines (#4063)
* fileserver: Browse listing supports dark mode (#4066)
* CONTRIBUTING: fix spelling (#4070)
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
* logging: add replace filter for static value replacement (#4029)
* caddyconfig: add global option for configuring loggers (#4028)
* map: Accept regex substitution in outputs (#3991)
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
* rewrite: Implement regex path replacements
* fileserver: Don't replace in request paths (fix #4027)
* caddypki: Add SignWithRoot option for ACME server
* reverseproxy: Fix round robin data race (#4038)
* Update docs; commit setcap.sh
* go.mod: Latest CertMagic (updated libdns conventions)
* core: Initialize logging before admin
* caddytls: Remove old asset migration code (close #3894)
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
* httpcaddyfile: Fix catch-all site block sorting
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
* Improve security warnings
* httpcaddyfile: Configure other apps from global options (#3990)
* cmd: Clean up `build-info` and `upgrade` output
* caddyhttp: Support placeholders in header matcher values (close #3916)
* caddytls: Save email with account if not already specified
* reverseproxy: Response buffering & configurable buffer size
* httpcaddyfile: Fix automation policies
* ci: deflake integration tests (#3966)
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
* acmeserver: Support custom CAs from Caddyfile
* caddyhttp: Check for invalid subdirectives of static_response
* httpcaddyfile: Fix default issuers when email provided
* cmd: Add --force flag to reload command (close #4005)
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
* ci: update the command to run tests on the s390x machine (#3995)
* caddyhttp: Fix redir html status code, improve flow (#3987)
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
* admin: Identity management, remote admin, config loaders (#3994)
* caddycmd: Add upgrade command (#3972)
* Revert "requestbody: Allow overwriting remote address"
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
* cmd: Print more detailed version with --environ
* map: Add missing json struct tag
* tests: use actual admin port value in error message (#3973)
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
* templates: Add fileExists and httpError template actions
* requestbody: Allow overwriting remote address
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
* Update docs
* caddytls: Configurable OCSP stapling; global option (closes #3714)
* logging: Remove logfmt encoder (close #3575)
* httpcaddyfile: Support repeated use of cert_issuer global option
* caddytls: add 'key_type' subdirective (#3956)
* caddyfile: Refactor unmarshaling of module tokens
* go.mod: Update CertMagic and acmez (improved IDN support)
* reverseproxy: Caddyfile health check headers, host header support (#3948)
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
* cmd: Organize list-modules output; --packages flag (#3925)
* caddyfile: Introduce basic linting and fmt check (#3923)
-------------------------------------------------------------------
Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Create Caddy package