- Update to version 3.0.1
* CVEs:
* CVE-2024-24788 (bsc#1224018): A malformed DNS message in response to a
query can cause the Lookup functions to get stuck in an infinite loop.
* Bug fixes:
* [k8s/ingress] Fix rule syntax version for all internal routers
(gh#traefik/traefik#10689 by HalloTschuess)
* [metrics,tracing] Allow empty configuration for OpenTelemetry metrics
and tracing (gh#traefik/traefik#10729 by rtribotte)
* [provider,tls] Bump tscert dependency to 28a91b69a046
(gh#traefik/traefik#10668 by kevinpollet)
* [rules,tcp] Fix the rule syntax mechanism for TCP
(gh#traefik/traefik#10680 by lbenguigui)
* [tls,server] Remove deadlines when handling PostgreSQL connections
(gh#traefik/traefik#10675 by rtribotte)
* [webui] Add support for IP White list
(gh#traefik/traefik#10740 by davidbaptista)
* Additional fixes: bnc#1224308 and bnc#1224384
- New packaging:
Traefik's src.tar.gz files containing a pre-built frontend are now
used for packaging with simplifies the packaging process a lot.
* Set the version in the spec-file
* download sources with "osc service localrun download_files"
* create go vendor-package using "osc service manualrun"
- Removed allow-node-21.patch and prepare-sources.sh script
OBS-URL: https://build.opensuse.org/request/show/1176506
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=34
- Added allow-node-21.patch to allow building with nodejs21, too
- Update to version 2.11.2
Important: Read the migration guide at https://doc.traefik.io/traefik/migration/v2/#v2112
* CVE's:
* GHSA-7f4j-64p6-5h5v (related to CVE-2023-45288)
* CVE-2024-28869
* Bug fixes:
* [server] Revert LingeringTimeout and change default value for ReadTimeout
* [server] Set default ReadTimeout value to 60s
- Removed traefik-fix-int-overflow-with-go-generate-10452.patch
- Update to version 2.11.1:
* Bug fixes:
* [acme,tls] Enforce handling of ACME-TLS/1 challenges
* [acme] Update go-acme/lego to v4.16.1
* [acme] Close created file in ACME local store CheckFile func
* [docker,http3] Update to quic-go v0.42.0 and docker/cli v24.0.9
* [docker,marathon,rancher,ecs,tls,nomad] Allow to configure TLSStore default generated certificate with labels
* [ecs] Adjust ECS network interface detection logi
* [logs,tls] Fix log when default TLSStore and TLSOptions are defined multiple times
* [middleware] Allow empty replacement with ReplacePathRegex middleware
* [plugins] Update Yaegi to v0.16.1
* [provider,rules] Don't allow routers higher than internal ones
* [rules] Reserve priority range for internal router
* [server,tcp] Introduce Lingering Timeout
* [tcp] Enforce failure for TCP HostSNI with hostname
* [tracing] Bump Elastic APM to v2.4.8
* [webui] Fix dashboard exposition through a router
* [webui] Display IPAllowlist middleware configuration in dashboard
* [webui] Make text more readable in dark mode
* [webui] Migrate to Quasar 2.x and Vue.js 3.x
* [webui] Add a horizontal scroll for the mobile view
OBS-URL: https://build.opensuse.org/request/show/1171807
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=30
- configuration changes:
* Enhanced default configuration file, including configs for http3 support.
* Docker configuration has been disabled per default, file provider has been enabled.
The directory for the file provider has been set to /etc/traefik/conf.d
* Prepared directories for logging in /var/log/traefik
* Enhanced default configuration file, including configs for http3 support. Settings
are disabled per default.
- packaging general:
* Use standard source-download feature, modified _service file and removed _servicedata
* packagers can invoke `prepare-sources.sh` to doenload sources and prepare go-packages
as well as node_modules for the built process.
- frontend packaging:
* The frontend will now be packaged on OBS to have reproduceable builds.
- Go packaging:
* Added upstream patch traefik-fix-int-overflow-with-go-generate-10452.patch to
allow packaging on 32bit architectures gh#traefik/traefik#10451
* Enabled CGO because there is no cross compilation needed in OSB (we build
packages for every distribution/architecture seperately). PIE can not be used
with CGO enabled for most architectures and is reported as failure sinc go 1.22.
See https://github.com/golang/go/issues/64875
* Don't use pie-buildmode for ppc64 and s390x architectures
- Update to version 2.11.0:
* Enhancements:
* [middleware] Deprecate IPWhiteList middleware in favor of IPAllowList
* [redis] Add Redis Sentinel support
* [server] Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints
* [sticky-session] Hash WRR sticky cookies
* Bug fixes:
* [acme] Update go-acme/lego to v4.15.0
* [authentication] Fix NTLM and Kerberos
* [file] Fix file watcher
* [file] Update github.com/fsnotify/fsnotify to v1.7.0
* [http3] Update quic-go to v0.40.1
* [middleware,tcp] Add missing TCP IPAllowList middleware constructor
* [nomad] Update the Nomad API dependency to v1.7.2
* [server] Fix ReadHeaderTimeout for PROXY protocol
* [webui] Fixes the Header Button
* [webui] Fix URL encode resource's id before calling API endpoints
OBS-URL: https://build.opensuse.org/request/show/1155081
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=27