diff --git a/_service b/_service
index 993121f..a0594e6 100644
--- a/_service
+++ b/_service
@@ -5,7 +5,7 @@
caddy
@PARENT_TAG@
v(.*)
- v2.7.6
+ v2.8.1
enable
diff --git a/_servicedata b/_servicedata
index 6ebecfe..dd121fb 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/caddyserver/caddy.git
- 6d9a83376b5e19b3c0368541ee46044ab284038b
\ No newline at end of file
+ 40c582ce8273bf12b08e8e77df6498bca5f626a6
\ No newline at end of file
diff --git a/caddy-2.7.6.tar.gz b/caddy-2.7.6.tar.gz
deleted file mode 100644
index 4584bb0..0000000
--- a/caddy-2.7.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5adde0ae5f4721981afb614f06bf5b0352a05283b3a7745f7e0f5e9cb1e2c4bf
-size 621822
diff --git a/caddy-2.8.1.tar.gz b/caddy-2.8.1.tar.gz
new file mode 100644
index 0000000..56e6ad1
--- /dev/null
+++ b/caddy-2.8.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c95c03ab508c621a214e740b503d8db41c251bae4c76c265298413625bfc6bd9
+size 678233
diff --git a/caddy.changes b/caddy.changes
index e40da4a..b5d6d06 100644
--- a/caddy.changes
+++ b/caddy.changes
@@ -1,3 +1,245 @@
+-------------------------------------------------------------------
+Thu May 30 16:17:13 UTC 2024 - Jeff Kowalczyk
+
+- Update to version 2.8.1:
+ * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)
+ * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
+
+-------------------------------------------------------------------
+Tue May 28 00:06:54 UTC 2024 - Jeff Kowalczyk
+
+- Update to version 2.8.0:
+ * acmeserver: Add `sign_with_root` for Caddyfile (#6345)
+ * caddyfile: Reject global request matchers earlier (#6339)
+ * core: Fix bug in AppIfConfigured (fix #6336)
+ * fix a typo (#6333)
+ * autohttps: Move log WARN to INFO, reduce confusion (#6185)
+ * reverseproxy: Support HTTP/3 transport to backend (#6312)
+ * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
+ * Fix lint error about deprecated method in smallstep/certificates/authority
+ * go.mod: Upgrade dependencies
+ * caddytls: fix permission requirement with AutomationPolicy (#6328)
+ * caddytls: remove ClientHelloSNICtxKey (#6326)
+ * caddyhttp: Trace individual middleware handlers (#6313)
+ * templates: Add `pathEscape` template function and use it in file browser (#6278)
+ * caddytls: set server name in context (#6324)
+ * chore: downgrade minimum Go version in go.mod (#6318)
+ * caddytest: normalize the JSON config (#6316)
+ * caddyhttp: New experimental handler for intercepting responses (#6232)
+ * httpcaddyfile: Set challenge ports when http_port or https_port are used
+ * logging: Add support for additional logger filters other than hostname (#6082)
+ * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
+ * Second half of 6dce493
+ * caddyhttp: Alter log message when request is unhandled (close #5182)
+ * chore: Bump Go version in CI (#6310)
+ * go.mod: go 1.22.3
+ * Fix typos (#6311)
+ * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
+ * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
+ * go.mod: CertMagic v0.21.0
+ * reverseproxy: Implement health_follow_redirects (#6302)
+ * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
+ * go.mod: Upgrade to quic-go v0.43.1
+ * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
+ * caddytls: Ability to drop connections (close #6294)
+ * build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
+ * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
+ * caddytls: Evict internal certs from cache based on issuer (#6266)
+ * chore: add warn logs when using deprecated fields (#6276)
+ * caddyhttp: Fix linter warning about deprecation
+ * go.mod: Upgrade to quic-go v0.43.0
+ * fileserver: Set "Vary: Accept-Encoding" header (see #5849)
+ * events: Add debug log
+ * reverseproxy: handle buffered data during hijack (#6274)
+ * ci: remove `android` and `plan9` from cross-build workflow (#6268)
+ * run `golangci-lint run --fix --fast` (#6270)
+ * caddytls: Option to configure certificate lifetime (#6253)
+ * replacer: Implement `file.*` global replacements (#5463)
+ * caddyhttp: Address some Go 1.20 features (#6252)
+ * Quell linter (false positive)
+ * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
+ * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)
+ * caddytls: Add Caddyfile support for on-demand permission module (close #6260)
+ * reverseproxy: Remove long-deprecated buffering properties
+ * reverseproxy: Reuse buffered request body even if partially drained
+ * reverseproxy: Accept EOF when buffering
+ * logging: Fix default access logger (#6251)
+ * fileserver: Improve Vary handling (#5849)
+ * cmd: Only validate config is proper JSON if config slice has data (#6250)
+ * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)
+ * encode: Slight fix for the previous commit
+ * encode: Improve Etag handling (fix #5849)
+ * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)
+ * caddyfile: Populate regexp matcher names by default (#6145)
+ * caddyhttp: record num. bytes read when response writer is hijacked (#6173)
+ * caddyhttp: Support multiple logger names per host (#6088)
+ * chore: fix some typos in comments (#6243)
+ * encode: Configurable compression level for zstd (#6140)
+ * caddytls: Remove shim code supporting deprecated lego-dns (#6231)
+ * connection policy: add `local_ip` matcher (#6074)
+ * reverseproxy: Wait for both ends of websocket to close (#6175)
+ * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
+ * caddytls: Still provision permission module if ask is specified
+ * fileserver: read etags from precomputed files (#6222)
+ * fileserver: Escape # and ? in img src (fix #6237)
+ * reverseproxy: Implement modular CA provider for TLS transport (#6065)
+ * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
+ * cmd: Fix panic related to config filename (fix #5919)
+ * cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
+ * admin: Make `Etag` a header, not a trailer (#6208)
+ * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)
+ * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)
+ * gitignore: Add rule for caddyfile.go (#6225)
+ * chore: Fix broken links in README.md (#6223)
+ * chore: Upgrade some dependencies (#6221)
+ * caddyhttp: Add plaintext response to `file_server browse` (#6093)
+ * admin: Use xxhash for etag (#6207)
+ * modules: fix some typo in conments (#6206)
+ * caddyhttp: Replace sensitive headers with REDACTED (close #5669)
+ * caddyhttp: close quic connections when server closes (#6202)
+ * reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
+ * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
+ * chore: upgrade deps (#6198)
+ * chore: remove repetitive word (#6193)
+ * Added a null check to avoid segfault on rewrite query ops (#6191)
+ * rewrite: `uri query` replace operation (#6165)
+ * logging: support `ms` duration format and add docs (#6187)
+ * replacer: use RWMutex to protect static provider (#6184)
+ * caddyhttp: Allow `header` replacement with empty string (#6163)
+ * vars: Make nil values act as empty string instead of `""` (#6174)
+ * chore: Update quic-go to v0.42.0 (#6176)
+ * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)
+ * reverseproxy: configurable active health_passes and health_fails (#6154)
+ * reverseproxy: Configurable forward proxy URL (#6114)
+ * caddyhttp: upgrade to cel v0.20.0 (#6161)
+ * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
+ * caddyhttp: suppress flushing if the response is being buffered (#6150)
+ * chore: encode: use FlushError instead of Flush (#6168)
+ * encode: write status immediately when status code is informational (#6164)
+ * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
+ * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865)
+ * rewrite: Implement `uri query` operations (#6120)
+ * fix struct names (#6151)
+ * fileserver: Preserve query during canonicalization redirect (#6109)
+ * logging: Implement `log_append` handler (#6066)
+ * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
+ * logging: Implement `append` encoder, allow flatter filters config (#6069)
+ * ci: fix the integration test `TestLeafCertLoaders` (#6149)
+ * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108)
+ * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
+ * cmd: Adjust config load logs/errors (#6032)
+ * reverseproxy: SRV dynamic upstream failover (#5832)
+ * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
+ * core: OnExit hooks (#6128)
+ * cmd: fix the output of the `Usage` section (#6138)
+ * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
+ * acmeserver: add policy field to define allow/deny rules (#5796)
+ * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
+ * caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
+ * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103)
+ * caddyfile: Assert having a space after heredoc marker to simply check (#6117)
+ * chore: Update Chroma to get the new Caddyfile lexer (#6118)
+ * reverseproxy: use context.WithoutCancel (#6116)
+ * caddyfile: Reject directives in the place of site addresses (#6104)
+ * caddyhttp: Register post-shutdown callbacks (#5948)
+ * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
+ * caddyauth: Drop support for `scrypt` (#6091)
+ * Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100)
+ * caddyauth: Rename `basicauth` to `basic_auth` (#6092)
+ * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
+ * caddyfile: Reject long heredoc markers (#6098)
+ * chore: Rename CI jobs, run on M1 mac (#6089)
+ * update comment
+ * improved list
+ * fix: add back text/*
+ * fix: add more media types to the compressed by default list
+ * acmeserver: support specifying the allowed challenge types (#5794)
+ * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
+ * caddyhttp: Test cases for `%2F` and `%252F` (#6084)
+ * bump to golang 1.22 (#6083)
+ * fileserver: Browse can show symlink target if enabled (#5973)
+ * core: Support NO_COLOR env var to disable log coloring (#6078)
+ * build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
+ * Update comment in setcap helper script
+ * caddytls: Make on-demand 'ask' permission modular (#6055)
+ * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
+ * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
+ * chore: enabling a few more linters (#5961)
+ * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)
+ * caddyfile: Switch to slices.Equal for better performance (#6061)
+ * tls: modularize trusted CA providers (#5784)
+ * logging: Automatic `wrap` default for `filter` encoder (#5980)
+ * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
+ * caddyfile: Normalize & flatten all unmarshalers (#6037)
+ * cmd: reverseproxy: log: use caddy logger (#6042)
+ * matchers: `query` now ANDs multiple keys (#6054)
+ * caddyfile: Add heredoc support to `fmt` command (#6056)
+ * refactor: move automaxprocs init in caddycmd.Main()
+ * caddyfile: Allow heredoc blank lines (#6051)
+ * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965)
+ * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
+ * fileserver: Implement caddyfile.Unmarshaler interface (#5850)
+ * reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
+ * caddyhttp: Security enhancements for client IP parsing (#5805)
+ * replacer: Fix escaped closing braces (#5995)
+ * filesystem: Globally declared filesystems, `fs` directive (#5833)
+ * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
+ * httpcaddyfile: Fix redir html (#6001)
+ * httpcaddyfile: Support client auth verifiers (#6022)
+ * tls: add reuse_private_keys (#6025)
+ * reverseproxy: Only change Content-Length when full request is buffered (#5830)
+ * Switch Solaris-derivatives away from listen_unix (#6021)
+ * build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
+ * build(deps): bump actions/setup-go from 4 to 5 (#6012)
+ * chore: check against errors of `io/fs` instead of `os` (#6011)
+ * caddyhttp: support unix sockets in `caddy respond` command (#6010)
+ * fileserver: Add total file size to directory listing (#6003)
+ * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
+ * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
+ * cmd: use automaxprocs for better perf in containers (#5711)
+ * logging: Add `zap.Option` support (#5944)
+ * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
+ * metrics: Record request metrics on HTTP errors (#5979)
+ * go.mod: Updated quic-go to v0.40.1 (#5983)
+ * fileserver: Enable compression for command by default (#5855)
+ * fileserver: New --precompressed flag (#5880)
+ * caddyhttp: Add `uuid` to access logs when used (#5859)
+ * proxyprotocol: use github.com/pires/go-proxyproto (#5915)
+ * cmd: Preserve LastModified date when exporting storage (#5968)
+ * core: Always make AppDataDir for InstanceID (#5976)
+ * chore: cross-build for AIX (#5971)
+ * caddytls: Sync distributed storage cleaning (#5940)
+ * caddytls: Context to DecisionFunc (#5923)
+ * tls: accept placeholders in string values of certificate loaders (#5963)
+ * templates: Offically make templates extensible (#5939)
+ * http2 uses new round-robin scheduler (#5946)
+ * panic when reading from backend failed to propagate stream error (#5952)
+ * chore: Bump otel to v1.21.0. (#5949)
+ * httpredirectlistener: Only set read limit for when request is HTTP (#5917)
+ * fileserver: Add .m4v for browse template icon
+ * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
+ * go.mod: update quic-go version to v0.40.0 (#5922)
+ * update quic-go to v0.39.3 (#5918)
+ * chore: Fix usage pool comment (#5916)
+ * test: acmeserver: add smoke test for the ACME server directory (#5914)
+ * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
+ * caddyhttp: Adjust `scheme` placeholder docs (#5910)
+ * go.mod: Upgrade quic-go to v0.39.1
+ * go.mod: CVE-2023-45142 Update opentelemetry (#5908)
+ * templates: Delete headers on `httpError` to reset to clean slate (#5905)
+ * httpcaddyfile: Remove port from logger names (#5881)
+ * core: Apply SO_REUSEPORT to UDP sockets (#5725)
+ * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
+ * cmd: Add newline character to version string in CLI output (#5895)
+ * core: quic listener will manage the underlying socket by itself (#5749)
+ * templates: Clarify `include` args docs, add `.ClientIP` (#5898)
+ * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
+ * cmd: upgrade: resolve symlink of the executable (#5891)
+ * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
+- Packaging improvements:
+ * Update to BuildRequires: golang(API) >= 1.21 matching go.mod
+
+
-------------------------------------------------------------------
Sun Mar 31 12:39:10 UTC 2024 - Bernhard Wiedemann
diff --git a/caddy.spec b/caddy.spec
index 7709ae6..180cee0 100644
--- a/caddy.spec
+++ b/caddy.spec
@@ -25,7 +25,7 @@
%endif
Name: caddy
-Version: 2.7.6
+Version: 2.8.1
Release: 0
Summary: Fast, multi-platform web server with automatic HTTPS
License: Apache-2.0
@@ -41,7 +41,7 @@ Source6: zsh-completion
Source7: caddy.sysusers
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
-BuildRequires: golang(API) >= 1.20
+BuildRequires: golang(API) >= 1.21
%{?systemd_requires}
%{sysusers_requires}
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 37c9456..e8c0a85 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:9f7149fd117478dcccaa392eba8e6aa6dfbb07f2605e20ab553fbea297ebaa1a
-size 9408098
+oid sha256:09f9e9d32913e127a94190df961ebd4f8c058b19b2b4314193a502bac54d03c5
+size 9782329