caddy/caddy.changes
Alexandre Vicenzi d4e6ac210e Accepting request 1005667 from home:jfkw:branches:server:http
- Update to version 2.6.1:
  * core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
  * encode: don't WriteHeader unless called (#5060)
  * fileserver: Reinstate --debug flag

OBS-URL: https://build.opensuse.org/request/show/1005667
OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=20
2022-09-29 08:07:12 +00:00

433 lines
23 KiB
Plaintext

-------------------------------------------------------------------
Fri Sep 23 19:30:59 UTC 2022 - jkowalczyk@suse.com
- Update to version 2.6.1:
* core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
* encode: don't WriteHeader unless called (#5060)
* fileserver: Reinstate --debug flag
-------------------------------------------------------------------
Tue Sep 20 20:44:58 UTC 2022 - jkowalczyk@suse.com
- Update to version 2.6.0:
* httpcaddyfile: Fix `protocols` global option parsing (#5054)
* caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
* caddyhttp: Honor grace period in background (#5043)
* events: Make event data exported
* caddyhttp: responseRecorder save status in all cases (#5049)
* caddyhttp: Fix write header on responseRecorder
* ci: fix the name template of singing certificate and sboms (#5046)
* core: Variadic Context.Logger(); soft deprecation
* caddyhttp: Support configuring Server from handler provisioning (#4933)
* caddyhttp: Support TLS key logging for debugging (#4808)
* caddyhttp: Make metrics opt-in (#5042)
* caddytls: Debug log on implicit tailscale error (#5041)
* caddyhttp: Add --debug flag to commands
* encode: Fix Accept-Ranges header; HEAD requests (#5039)
* Reject absurdly long duration strings (fix #4175)
* Fix #4169 (correct e6c58fd)
* caddyfile: Prevent infinite nesting on fmt (fix #4175)
* Limit unclosed placeholder tolerance (fix #4170)
* reverseproxy: Support repeated --to flags in command (#4693)
* caddyhttp: Add 'skip_log' var to omit request from logs (#4691)
* httpcaddyfile: Fix bind when IPv6 is specified with network (#4950)
* cmd: Improve error message if config missing
* cmd: Customizable user agent (close #2795)
* httpcaddyfile: Fix sorting of repeated directives
* caddyhttp: Very minor optimization to path matcher
* caddyhttp: Explicitly disallow multiple regexp matchers (#5030)
* caddytls: Error if placeholder is empty in 'ask'
* supplychain: publish signing cert, sbom, and signatures of sbom (#5027)
* go.mod: Update truststore
* Very minor tweaks
* core: Check error on ListenQUIC
* fileserver: Ignore EOF when browsing empty dir
* caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it. (#5022)
* cmd: Enhance some help text
* httpcaddyfile: Add a couple more placeholder shortcuts (#5015)
* Drop requirement for filesystems to implement fs.StatFS
* ci: grant the `release` workflow the `write` permission to `contents` (#5017)
* ci: add `id-token` permission and update the signing command (#5016)
* go.mod: Upgrade CertMagic (v0.17.1)
* fileserver: Support glob expansion in file matcher (#4993)
* caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006)
* Remove unnecessary error check
* caddyauth: Speed up basicauth provision, deprecate scrypt (#4720)
* ci: generate SBOM and sign artifacts using cosign (#4910)
* reverseproxy: Close hijacked conns on reload/quit (#4895)
* core: Refactor listeners; use SO_REUSEPORT on Unix (#4705)
* fastcgi: Optimize FastCGI transport (#4978)
* Minor style adjustments for HTTP redir logging
* Update readme
* Minor fix of error log
* notify: Don't send ready after error (fix #5003)
* templates: Document `httpError` function (#4972)
* fastcgi: allow users to log stderr output (#4967) (#5004)
* cmd: Don't print long help text on error
* Fix failing test
* dist: deb package manpages and bash completion scripts (#5007)
* caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990)
* map: Coerce val to string, fix #4987
* httpcaddyfile: Add shortcut for expression matchers (#4976)
* caddyhttp: Accept placeholders in vars matcher key
* core: Plugins can register listener networks (#5002)
* caddyhttp: Disable draft versions of QUIC
* events: Tune logging and context cancellation
* events: Implement event system (#4912)
* httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001)
* caddyhttp: Set Content-Type for static response (#4999)
* cmd: Enhance CLI docs
* cmd: add completion command (#4994)
* cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565)
* Minor cleanup, resolve a couple lint warnings
* Remove duplicate words in comments (#4986)
* reverseproxy: Add upstreams healthy metrics (#4935)
* admin: Don't stop old server if new one fails (#4964)
* reverseproxy: Multiple dynamic upstreams
* Fix comment indentation
* zstd: fix typo in comment (#4985)
* httpcaddyfile: Add ocsp_interval global option (#4980)
* caddytls: Log error if ask request fails
* ci: Increase linter timeout (#4981)
* templates: cap of slice should not be smaller than length (#4975)
* caddyhttp: Fix for nil `handlerErr.Err` (#4977)
* caddyhttp: Set `http.error.message` to the HandlerError message (#4971)
* go.mod: Upgrade CertMagic to v0.16.3
* core: Change net.IP to netip.Addr; use netip.Prefix (#4966)
* Clean up metrics test code
* caddyhttp: Smarter path matching and rewriting (#4948)
* fileserver: reset buffer before using it (#4962) (#4963)
* caddyhttp: Enable HTTP/3 by default (#4707)
* reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953)
* reverseproxy: Ignore context cancel in stream mode (#4952)
* reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951)
* httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)
* reverseproxy: Support 1xx status codes (HTTP early hints) (#4882)
* logging: Fix `cookie` filter (#4943)
* go.mod: Upgrade OpenTelemetry dependencies (#4937)
* fileserver: Better fix for Etag of compressed files
* fileserver: Generate Etag from sidecar file
* Improve docs for ZeroSSL issuer
* Replace strings.Index with strings.Cut (#4932)
* Replace strings.Index usages with strings.Cut (#4930)
* cmd: Use newly-available version information (#4931)
* httpserver: Configurable shutdown delay (#4906)
* go.mod: Upgrade CertMagic and acmez
* chore: Bump up to Go 1.19, minimum 1.18 (#4925)
* Oops (sigh)
* caddyhttp: Implement `caddy respond` command (#4870)
* fileserver: Support virtual file system in Caddyfile
* fileserver: Support virtual file systems (#4909)
* Minor docs clarification
* core: Windows service integration (#4790)
* chore: Add .gitattributes to force *.go to LF (#4919)
* Fix compilation on Windows
* Ignore linter warnings
* Fix deprecation notice by using UTF16PtrFromString
* caddyhttp: Clear out matcher error immediately after grabbing it (#4916)
* Finish fixing lint errors from ea8df6ff
* caddytls: Remove PreferServerCipherSuites
* caddyhttp: Use new CEL APIs (fix #4915)
* ci: Run golangci-lint on multiple os(#4875) (#4913)
* go.mod: Upgrade dependencies
* httpcaddyfile: Detect ambiguous site definitions (fix #4635)
* caddyhttp: Log shutdown errors, don't return (fix #4908)
* reverseproxy: Implement read & write timeouts for HTTP transport (#4905)
* cmd: Fix reload with stdin (#4900)
* caddyhttp: Enhance comment
* reverseproxy: Implement retry count, alternative to try_duration (#4756)
* caddyhttp: Make query matcher more efficient
* reverseproxy: Export SetScheme() again
- BuildRequires: golang(API) >= 1.18 for new net/netip package
-------------------------------------------------------------------
Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- Update to version 2.5.2:
* admin: expect quoted ETags (#4879)
* headers: Only replace known placeholders (#4880)
* reverseproxy: Err 503 if all upstreams unavailable
* reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
* fileserver: Use safe redirects in file browser
* admin: support ETag on config endpoints (#4579)
* go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
* caddytls: Reuse issuer between PreCheck and Issue (#4866)
* admin: Implement /adapt endpoint (close #4465) (#4846)
* forwardauth: Fix case when `copy_headers` is omitted (#4856)
* Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
* reverseproxy: Fix double headers in response handlers (#4847)
* reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Skip TLS for certain configured ports (#4843)
* go.mod: Update some dependencies
* forwardauth: Support renaming copied headers, block support (#4783)
* Add comment about xcaddy to main
* headers: Support wildcards for delete ops (close #4830) (#4831)
* reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
* reverseproxy: Make TLS renegotiation optional
* reverseproxy: Add renegotiation param in TLS client (#4784)
* caddyhttp: Log error from CEL evaluation (fix #4832)
* reverseproxy: Correct the `tls_server_name` docs (#4827)
* reverseproxy: HTTP 504 for upstream timeouts (#4824)
* caddytls: Make peer certificate verification pluggable (#4389)
* reverseproxy: api: Remove misleading 'healthy' value
* go.mod: Update go-yaml to v3
* Fix #4822 and fix #4779
* reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
* ci: Fix build caching on Windows (#4811)
* templates: Add `humanize` function (#4767)
* core: Micro-optim in run() (#4810)
* go.mod: Upgrade some dependencies
* httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
* templates: Documentation consistency (#4796)
* chore: Bump quic-go to v0.27.0 (#4782)
* reverseproxy: Support http1.1>h2c (close #4777) (#4778)
* rewrite: Handle fragment before query (fix #4775) [bsc#1201822, CVE-2022-34037]
* httpcaddyfile: Support multiple values for `default_bind` (#4774)
-------------------------------------------------------------------
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.5.1:
* Fixed regression in Unix socket admin endpoints.
* Fixed regression in caddy trust commands.
* Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
use an improved highest-random-weight (HRW) algorithm for increased
consistency.
* Dynamic upstreams, which is the ability to get the list of upstreams at
every request (more specifically, every iteration in the proxy loop of
every request) rather than just once at config-load time.
* Caddy will automatically try to get relevant certificates from the local
Tailscale instance.
* New OpenTelemetry integration.
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs.
* Rename _caddy to zsh-completion
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
-------------------------------------------------------------------
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.4.6:
* caddycmd: Add `--keep-backup` to upgrade commands (#4387)
* caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
* caddycmd: fix caddy validate/fmt help message (#4377)
* caddyhttp: Add support for triggering errors from `try_files` (#4346)
* caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
* caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
* caddyhttp: Sanitize the path before evaluating path matchers (#4407)
* caddytls: Mark storage clean timestamp at end of routine (#4401)
* docs: General minor improvements
* fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
* fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
* fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
* fileserver: Fix displayed file size if it is symlink (#4354)
* fileserver: Make file listing links purple once visited (#4356)
* fileserver: Prevent focusing filter from scrolling on page load (#4393)
* fileserver: properly handle escaped/non-ascii paths (#4332)
* headers: Canonicalize case in replace (fix #4330)
* httpcaddyfile: Empty tls policy for internal http localhost (#4398)
* httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
* map: Fix 95c03506 (avoid repeated expansions)
* map: Fix regex mappings
* reverseproxy: Log error at error level (fix #4360)
* reverseproxy: Prevent copying the response if a response handler ran (#4388)
* reverseproxy: Sanitize scheme and host on incoming requests (#4237)
* templates: Add 'import' action (#4321)
* templates: Add tests for funcInclude and funcImport (#4357)
* templates: Propagate httpError to HTTP response
-------------------------------------------------------------------
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.4.5:
* Hotfix for a regression introduced in 2.4.4 related to
combining the encode and reverse_proxy directives.
* cmd: export CaddyVersion(), Commands()
* encode: ignore flushing until after first write
* go.mod: Update CertMagic
-------------------------------------------------------------------
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.4:
* acmeserver: Don't set host for directory links by default
* acmeserver: Trim slashes from path prefix
* admin: Implement load_interval to pull config on a timer
* admin: Replace admin cert cache when reloading
* admin: Sync server variables
* caddyfile: Better error message for missing site block braces
* caddyfile: Error on invalid site addresses containing comma
* caddyfile: keep error chain info in Dispenser.Errf
* caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
* caddyhttp: Fix incorrect determination of gRPC protocol
* caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
* caddyhttp: Updated the documentation for MatchQuery
* caddytls: Add Caddyfile support for propagation_timeout
* caddytls: Remove "IssuerRaw" field
* cmd: Fix paths when using an env file
* cmd: New add-package and remove-package commands
* cmd: use net.ErrClosed for matching returned error
* core: Unix ns and Unix ms time placeholders
* encode: Tweak compression settings
* fileserver: Add disable_canonical_uris Caddyfile subdirective
* fileserver: Clarify docs about canonicalization
* fileserver: Don't persist parsed template
* fileserver: Fix browse name_dir_first sorting
* fileserver: Fix browse not redirecting query parameters
* fileserver: Only redirect if filename not rewritten
* fileserver: Redirect within the original URL
* go.mod: Update dependencies
* httpcaddyfile: Add preferred_chains global option and issuer subdirective
* httpcaddyfile: Add shortcut for proxy hostport placeholder
* httpcaddyfile: Add skip_install_trust global option
* httpcaddyfile: Don't add HTTP hosts to TLS APs
* httpcaddyfile: Don't put localhost in public APs
* httpcaddyfile: Ensure hosts to skip for logs can always be collected
* httpcaddyfile: Improve unrecognized directive errors
* httpcaddyfile: Reorder some directives
* logging: Actually use level_key
* logging: Add missing interface guards for replace filter
* logging: Prep for common_log removal
* logging: Warn for deprecated single_field encoder
* metrics: use buildinfo collector from new collectors pkg
* reverseproxy: Adjust test related to #4201
* reverseproxy: Always remove hop-by-hop headers
* reverseproxy: Fix overwriting of max_idle_conns_per_host
* reverseproxy: Incorporate latest proxy changes from stdlib
* reverseproxy: Keep path to unix socket as dial address
* reverseproxy: Remove redundant flushing
-------------------------------------------------------------------
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Modified:
* caddy.service
-------------------------------------------------------------------
Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.1:
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
* admin: Reinstate internal redirect for /id/ requests
* caddyfile: Add parse error on site address with trailing `{` (#4163)
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
* ci: Run CI on PRs targeting minor version branches (#4164)
* cmd: upgrade: inherit the permissions of the original executable (#4160)
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
* encode: Drop `prefer` from Caddyfile (#4156)
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
* caddytls: Run replacer on ask URL, for env vars (#4154)
* httpcaddyfile: Add `grace_period` global option (#4152)
* caddyhttp: Fix fallback for the error handler chain (#4131)
* reverseproxy: Minor logging improvements
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
* go.mod: CertMagic v0.13.1
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
* cmd: Add --envfile flag to `start` command (#4141)
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
* caddytls: Implement remote IP connection matcher (#4123)
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
* reverseproxy: fix hash selection policy (#4137)
* fileserver: Better handling of HTTP status override (#4132)
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
* caddytls: Add `load_storage` module (#4055)
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
* httpcaddyfile: Take into account host scheme/port (fix #4113)
* fuzz: fix the FuzzFormat comparison (#4117)
* caddytls: Disable OCSP stapling for manual certs (#4064)
* caddytls: Configurable storage clean interval
* caddyfile: reject cyclic imports (#4022)
* ci: fuzz: add 4 more fuzzing targets (#4105)
* fileserver: Add status code override (#4076)
* notify: Send all sd_notify signals from main caddy process (#4060)
* go.mod: Update quic-go to v0.20.1 (#4075)
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
* caddyfile: Normalize line endings before comparing fmt result (#4103)
* ci: accommodate go1.16 changes to go mod (#4102)
* Minor tweaks
* go.mod: Use latest CertMagic
* Use 600 instead of 644 for UUID file
* Change os to ioutil for now
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
* caddy: Add InstanceID() method
* encode,staticfiles: Content negotiation, precompressed files (#4045)
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
* go.mod: Migrate to golang.org/x/term (#4073)
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
* cmd: Use formatted logger for config adapter warnings (#4080)
* cmd: main: fix minor doc typos (#4082)
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
* .gitignore: add IDE files (#4087)
* fileserver: Add a few more debug lines (#4063)
* fileserver: Browse listing supports dark mode (#4066)
* CONTRIBUTING: fix spelling (#4070)
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
* logging: add replace filter for static value replacement (#4029)
* caddyconfig: add global option for configuring loggers (#4028)
* map: Accept regex substitution in outputs (#3991)
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
* rewrite: Implement regex path replacements
* fileserver: Don't replace in request paths (fix #4027)
* caddypki: Add SignWithRoot option for ACME server
* reverseproxy: Fix round robin data race (#4038)
* Update docs; commit setcap.sh
* go.mod: Latest CertMagic (updated libdns conventions)
* core: Initialize logging before admin
* caddytls: Remove old asset migration code (close #3894)
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
* httpcaddyfile: Fix catch-all site block sorting
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
* Improve security warnings
* httpcaddyfile: Configure other apps from global options (#3990)
* cmd: Clean up `build-info` and `upgrade` output
* caddyhttp: Support placeholders in header matcher values (close #3916)
* caddytls: Save email with account if not already specified
* reverseproxy: Response buffering & configurable buffer size
* httpcaddyfile: Fix automation policies
* ci: deflake integration tests (#3966)
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
* acmeserver: Support custom CAs from Caddyfile
* caddyhttp: Check for invalid subdirectives of static_response
* httpcaddyfile: Fix default issuers when email provided
* cmd: Add --force flag to reload command (close #4005)
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
* ci: update the command to run tests on the s390x machine (#3995)
* caddyhttp: Fix redir html status code, improve flow (#3987)
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
* admin: Identity management, remote admin, config loaders (#3994)
* caddycmd: Add upgrade command (#3972)
* Revert "requestbody: Allow overwriting remote address"
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
* cmd: Print more detailed version with --environ
* map: Add missing json struct tag
* tests: use actual admin port value in error message (#3973)
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
* templates: Add fileExists and httpError template actions
* requestbody: Allow overwriting remote address
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
* Update docs
* caddytls: Configurable OCSP stapling; global option (closes #3714)
* logging: Remove logfmt encoder (close #3575)
* httpcaddyfile: Support repeated use of cert_issuer global option
* caddytls: add 'key_type' subdirective (#3956)
* caddyfile: Refactor unmarshaling of module tokens
* go.mod: Update CertMagic and acmez (improved IDN support)
* reverseproxy: Caddyfile health check headers, host header support (#3948)
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
* cmd: Organize list-modules output; --packages flag (#3925)
* caddyfile: Introduce basic linting and fmt check (#3923)
-------------------------------------------------------------------
Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Create Caddy package