mirror of https://github.com/caddyserver/caddy.git synced 2024-12-30 22:34:15 -05:00
caddy/dist/CHANGES.txt
2018-05-10 09:45:05 -06:00

CHANGES

0.11 (May 10, 2018)

  • Built with Go 1.10.2
  • Integrated optional telemetry client
  • proxy: Fixed file descriptor leak

0.10.14 (April 19, 2018)

  • tls: Fix error handling bug when obtaining certificates

0.10.13 (April 18, 2018)

  • New third-party plugin: supervisor
  • Updated QUIC
  • proxy: Fix transparent pass-thru of X-Forwarded-For
  • proxy: Configurable timeout to upstream
  • rewrite: Now supports regular expressions on single-line
  • tls: StrictHostMatching mode to prevent client auth bypass
  • tls: Disable client auth when using QUIC
  • tls: Require same client auth cert pools per hostname
  • tls: Prevent On-Demand TLS directory traversal
  • tls: Fix empty files when using ACME fails to obtain cert
  • Fixed test broken by 1.1.1.1 resolving
  • Improved Caddyfile parser robustness by fuzzing

0.10.12 (March 27, 2018)

  • Switch to Let's Encrypt ACMEv2 production endpoint
  • Support for automated wildcard certificates
  • Support distributed solving of HTTP-01 challenge
  • New {labelN}, {tls_cipher}, and {tls_version} placeholders
  • Curly braces can now be escaped when not used as placeholders
  • New third-party plugin: geoip
  • Updated QUIC
  • fastcgi: Add SSL_CIPHER and SSL_PROTOCOL environment variables
  • log: New 'except' subdirective to exempt paths from logging
  • startup/shutdown: Removed in favor of 'on'
  • tls: Default minimum version is TLS 1.2
  • tls: Revert to fallback cert if no cert matches SNI
  • tls: New 'wildcard' subdirective to force automated wildcard cert
  • Several significant bug fixes and improvements!

0.10.11 (February 20, 2018)

  • Built with Go 1.10
  • Reusable snippets for the Caddyfile
  • Updated QUIC
  • Auto-HTTPS certificates may be shared by multiple instances
  • Expand globbed values in -conf flag
  • Swap behavior of SIGTERM and SIGQUIT; ignore SIGHUP
  • 9 new DNS provider plugins for the ACME DNS challenge
  • New placeholder for {<Response-Header} values
  • basicauth: Username put in {user} placeholder
  • fastcgi: GET requests can now send a body
  • proxy: Service discovery with DNS SRV load balancing
  • request_id: Allow reusing request ID from header field
  • tls: Improved efficiency of many certificates and reloads
  • tls: Raise error if conflicting TLS configurations collide
  • tls: Raise TLS alert if SNI used and no cert matched
  • tls: Reject OCSP responses that expire after the certificate
  • tls: Clients can use SNI to request a specific certificate
  • tls: Add option for backend to approve on-demand certificate
  • tls: Synchronize maintenance of shared, managed certificates
  • Numerous fabulous bug fixes

0.10.10 (October 9, 2017)

  • Built with Go 1.9.1
  • Removed Caddy-Sponsors header
  • New 'on' directive that deprecates 'startup' and 'shutdown'
  • Changed CASE_SENSITIVE_PATH default to false
  • fastcgi: Support for SRV upstreams
  • redir: Rules with if statements are not checked for duplicates
  • Several minor bug fixes

0.10.9 (September 12, 2017)

  • EULA bundled with official binaries
  • Caddy-Sponsors header to indicate personal-use license
  • proxy: Support for QUIC backends
  • templates: Write proper status code if proxied
  • tls: Fix bug related to cert renewals

0.10.8 (September 8, 2017)

  • NACL compilation support
  • Merge multiple consecutive slashes when comparing paths
  • A few other bug fixes

0.10.7 (August 25, 2017)

  • Built with Go 1.9
  • New 3rd-party plugin directives: jekyll, awses, forwardproxy
  • Different exit codes
  • Plan 9 support
  • Graceful binary upgrades with SIGUSR2
  • internal: Support X-Accel-Redir without paths to protect
  • templates: Can execute templates loaded by other middleware
  • A few really good bug fixes

0.10.6 (July 28, 2017)

  • fastcgi: Fix runtime error for 32-bit and ARM architectures

0.10.5 (July 27, 2017)

  • Renamed requestid directive to request_id
  • Set default idle timeout of 5 minutes
  • New 3rd-party plugin directives: cache, nobots, webdav
  • New Unix timestamp placeholder {when_unix}
  • Improved MITM detection on iOS clients
  • errors, log: Fix log rolling parsing
  • gzip: Convert any ETag header to weak etag
  • fastcgi: Reverted persistent connections (issue #1736)
  • proxy: Added header load balancing policy
  • proxy: Fix hang on chunked WebSockets (e.g. with HomeAssistant)
  • Several other bug fixes and minor internal improvements

0.10.4 (June 28, 2017)

  • Vendor all dependencies
  • Improve MITM detection, add experimental Tor browser support
  • New requestid directive to add request IDs to each request
  • New HTTP plugins supported: authz, grpc, gopkg, reauth, restic
  • browse: Refreshed default UI and added symlink indicators
  • errors, log: Added rotate_compress directive to compress rolled logs
  • markdown: Template files loaded at each request instead of just once
  • proxy: Allow multiple Server header fields on downstream response
  • proxy: Perform health checks by body substring
  • rewrite,redir: Added 'not_starts_with' and 'not_ends_with' operators
  • tls: New ca subdirective to specify CA endpoint per-site
  • Several bug fixes

0.10.3 (May 19, 2017)

  • Replace 'maxrequestbody' directive with 'limits' directive
  • proxy: Configurable port for health check
  • proxy: New load balance policy: uri_hash
  • templates: Renamed .Push context action to .AddLink
  • tls: Allow narrower certificate renewal window at startup (#1680)
  • tls: Prefer ChaCha20 if hardware does not have AES-NI

0.10.2 (May 2, 2017)

  • Hot fix for rule paths of "/" so that they match every request
  • fastcgi: Match request paths that don't start with "/" even if rule does

0.10.1 (May 1, 2017)

  • Reduced memory usage for gzip, templates, and MITM detection
  • Fixed automatic HTTP->HTTPS redirects for sites with wildcard labels
  • proxy: Fix 'without' subdirective
  • A few other minor bug fixes and improvements

0.10 (April 20, 2017)

  • Built on Go 1.8.1
  • HTTPS interception detection
  • Updated QUIC
  • SIGUSR1 (reload) now works with QUIC servers
  • New 'push' directive for HTTP/2 server push
  • New 'index' directive to change the names of index files
  • New -http-port and -https-port flags to change protocol ports
  • New -disable-http-challenge and -disable-tls-sni-challenge flags
  • New event hook plugin type
  • New listener middleware plugin type
  • New placeholders for cookie, query, and rewritten URI values
  • basicauth: Ability to customize realm
  • browse: Default template now sorts by name with directories first
  • errors, log: Roll all logs by default
  • errors, log: Ability to write to remote syslog
  • errors, log: Standardized, simplified directive syntax
  • log: Patched common log format by adding missing "-"
  • proxy: New 'max_conns' setting to limit connections to upstreams
  • proxy: New 'first' load balancing policy for first available host
  • proxy: Health checks respect Host and insecure_skip_verify settings
  • templates: New .RandomString action to add random padding to page
  • timeouts: Disabled default HTTP timeouts
  • tls: Settings now apply per-site rather than for entire listener
  • tls: New 'alpn' setting to disable either HTTP/2 or HTTP/1.1 on per-site basis
  • tls: Added curve X25519
  • tls: Added ChaCha20-Poly1305 cipher suites
  • tls: Renamed muststaple to must_staple
  • tls: Setting max_certs obtains certs during handshakes for all hostnames
  • Dozens of miscellaneous bug fixes and improvements
  • New website
  • New build infrastructure
  • New deployment system

0.9.5 (January 24, 2017)

  • New -validate flag to only check a Caddyfile, then exit
  • New {when_iso} placeholder for timestamp ISO 8601 in UTC
  • New {rewrite_path} and {rewrite_path_escaped} placeholders
  • New 'timeouts' directive to configure or disable HTTP timeouts
  • HTTP-level timeouts enabled by default
  • basicauth: Authorization header stripped upon successful login
  • browse: Added textbox to filter listing in default template
  • browse: Sanitize file names and links in default template
  • browse: Ensure active Caddyfile is hidden regardless of cwd
  • fastcgi: New 'root' property, mainly for use with containers
  • markdown: Apply some front matter fields as tags
  • proxy: Fixed HTTP/2 upstream to backend; honors -http CLI flag
  • proxy: Fixed websockets over HTTPS
  • proxy: Reduced memory usage and improved performance
  • proxy: Added support for HTTP trailers
  • tls: Fixed deadlock that affected some background renewals
  • Several other smaller bugs squashed and improvements made

0.9.4 (December 21, 2016)

  • Updated QUIC
  • New maxrequestbody directive to limit size of request body
  • New {latency_ms} placeholder for latency always in ms
  • Serve statically compressed .gz and .br files
  • fastcgi: Support for multiple backends with basic load balancing
  • proxy: Fixed handling of encoded 'without' paths
  • proxy: Preserve trailing slash if present in request
  • proxy: Fix HTTP/2 upstreams
  • templates: New .Files action to list files in a directory
  • templates: .Include can now pass arguments to included file
  • tls: Added ability to customize preferred curves
  • tls: Added support for Must-Staple on managed certificates
  • tls: Fixed subtle edge case bug with TLS-SNI challenge
  • Lots of minor fixes and improvements

0.9.3 (September 28, 2016)

  • Updated QUIC to newer version
  • import: Glob pattern matching 0 files is no longer an error
  • fastcgi: Fixed persistent connections (disabled by default)
  • fastcgi: Configurable connection pool size parameter
  • proxy: Improved failover load balancing logic
  • proxy: Avoids duplicating header fields that would be confusing
  • proxy: New try_duration and try_interval parameters
  • proxy: Fix for IP hash policy when downed hosts come back up
  • Several other bug fixes and new tests

0.9.2 (September 20, 2016)

  • New -catimeout option to customize ACME CA HTTP timeout
  • import: Fix nested import absolute/relative paths
  • log: Fix multiple log outputs
  • proxy: Fix for keepalive in certain cases
  • tls: Fix for PreferServerCipherSuites
  • Numerous other bug fixes and internal improvements

0.9.1 (August 17, 2016)

  • New {request_body} placeholder to log request body
  • {remote} placeholder no longer uses X-Forwarded-For header
  • {latency} placeholder rounds to nice looking number
  • Add support for ratelimit plugin
  • basicauth: Declaring realm named "Restricted"
  • errors: Define catch-all/default error page with * character
  • header: More control to add, set, or remove headers
  • proxy: New keepalive setting to help accommodate busy servers
  • proxy: New load balancing policy ip_hash
  • proxy: Fixed WebSocket connections
  • proxy: Fixed broken header logic
  • proxy: Reuse existing connection for Upgrade requests
  • proxy: Support for basic auth from header or upstream address
  • templates: New .Env action to access environment variables
  • tls: OCSP staples persisted to disk
  • tls: ACME challenges honor bind directive
  • tls: Fix default protocol version (minimum TLS 1.1)
  • tls: Consume challenge requests only for names Caddy is solving for
  • tls: The protocol syntax allows just one value if desired
  • tls: Scoped max_certs limit to site instead of global maximum
  • Many other bug fixes and minor enhancements

0.9 (July 18, 2016)

  • New core
  • New experimental QUIC support with -quic flag (HTTPS only)
  • New -type option to specify other server types
  • Moved ~/.caddy/letsencrypt to ~/.caddy/acme and reorganized assets
  • Moved caddy package to top level folder, and pushed main to subfolder
  • New {request} placeholder to dump entire request (without body)
  • New {hostonly} placeholder for only hostname portion of host value
  • Site addresses can have paths
  • Site addresses can make some use of wildcards in domains
  • Renamed -directives flag to -plugins
  • Restarting no longer requires spawning a new process
  • Removed -restart option
  • fastcgi: Env variables now support placeholders
  • import: Import paths now relative to Caddyfile, not current working dir
  • markdown: Overhauled; removed site generation features
  • proxy: More control of headers; deprecating proxy_header subdirective
  • proxy: Specify multiple upstreams with optional port ranges
  • proxy: New preset 'transparent' to simplify common pass-thru headers
  • proxy: Chooses longest matching path; order declared is irrelevant
  • redir: Added if and if_op subdirectives to make conditional redirects
  • rewrite: Support for if_op to change how conditions are evaluated
  • tls: Generate self-signed certificates in memory
  • tls: Support for ACME DNS challenge with 10 providers
  • tls: Support for TLS-SNI challenge during restarts
  • Various bug fixes and enhancements

0.8.3 (April 26, 2016)

  • Built with Go 1.6.2
  • New pprof middleware for exposing process profiling endpoints
  • New expvar middleware for exposing memory/GC performance
  • New -restart option to force in-process restarts on Unix systems
  • Only fail to start if managed certificate is expired (issue #642)
  • Toggle case-sensitive path matching with environment variable
  • File server now adds ETag header for static files
  • browse: Replace .LinkedPath action with .BreadcrumbMap
  • fastcgi: New except clause to exclude paths
  • proxy: New max_conns setting to limit max connections per upstream
  • proxy: New replaceable value for name of upstream host
  • templates: New utility actions for dealing with strings
  • tls: Customize certificate key with key_type (+ECC)
  • tls: Session ticket keys are now rotated
  • Many other minor internal improvements and bug fixes

0.8.2 (February 25, 2016)

  • On-demand TLS can obtain certificates during handshakes
  • Built with Go 1.6
  • Process log (-log) is rotated when it gets large
  • Managed certificates get renewed 30 days early instead of just 14
  • fastcgi: Allow scheme prefix before address
  • markdown: Support for definition lists
  • proxy: Allow proxy to insecure HTTPS backends
  • proxy: Support proxy to unix socket
  • rewrite: Status code can be 2xx or 4xx
  • templates: New .Markdown action to interpret included file as Markdown
  • templates: .Truncate now truncates from end of string when length is negative
  • tls: Set hard limit for certificates obtained with on-demand TLS
  • tls: Load certificates from directory
  • tls: Add SHA384 cipher suites
  • Multiple bug fixes and internal changes

0.8.1 (January 12, 2016)

  • Improved OCSP stapling
  • Better graceful reload when new hosts need certificates from Let's Encrypt
  • Current pidfile is now deleted when Caddy exits
  • browse: New default template
  • gzip: Added min_length setting
  • import: Support for glob patterns (*) to import multiple files
  • rewrite: New complex rules with conditions, regex captures, and status code
  • tls: Removed DES ciphers from default cipher suite list
  • tls: All supported certificates are OCSP-stapled
  • tls: Allow custom configuration without specifying certificate and key
  • tls: No longer allow HTTPS over port 80
  • Dozens of bug fixes, improvements, and more tests across the board

0.8 (December 4, 2015)

  • HTTPS by default via Let's Encrypt (certs & keys are fully managed)
  • Graceful restarts (on POSIX-compliant systems)
  • Major internal refactoring to allow use of Caddy as library
  • New directive 'mime' to customize Content-Type based on file extension
  • New -accept flag to accept Let's Encrypt SA without prompt
  • New -email flag to customize default email used for ACME transactions
  • New -ca flag to customize ACME CA server URL
  • New -revoke flag to revoke a certificate
  • New -log flag to enable process log
  • New -pidfile flag to enable writing pidfile
  • New -grace flag to customize the graceful shutdown timeout
  • New support for SIGHUP, SIGTERM, and SIGQUIT signals
  • browse: Render filenames with multiple whitespace properly
  • core: Use environment variables in Caddyfile
  • markdown: Include Last-Modified header in response
  • markdown: Render tables, strikethrough, and fenced code blocks
  • proxy: Ability to exclude/ignore paths from proxying
  • startup, shutdown: Better Windows support
  • templates: Bug fix for .Host when port is absent
  • templates: Include Last-Modified header in response
  • templates: Support for custom delimiters
  • tls: For non-local hosts, default port is now 443 unless specified
  • tls: Force-disable HTTPS
  • tls: Specify Let's Encrypt email address
  • Many, many more tests and numerous bug fixes and improvements

0.7.6 (September 28, 2015)

  • Pass in simple Caddyfile as command line arguments
  • basicauth: Support for legacy htpasswd files
  • browse: JSON response with file listing
  • core: Caddyfile as command line argument
  • errors: Can write full stack trace to HTTP response for debugging
  • errors, log: Roll log files after certain size or age
  • proxy: Fix for 32-bit architectures
  • rewrite: Better compatibility with fastcgi and PHP apps
  • templates: Added .StripExt and .StripHTML methods
  • Internal improvements and minor bug fixes

0.7.5 (August 5, 2015)

  • core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
  • fastcgi: Set HTTPS env variable if connection is secure
  • log: Output to system log (except Windows)
  • markdown: Added dev command to disable caching during development
  • markdown: Fixed error reporting during initial site generation
  • markdown: Fixed crash if path does not exist when server starts
  • markdown: Fixed site generation and link indexing when files change
  • templates: Added .NowDate for use in date-related functions
  • Several bug fixes related to startup and shutdown functions

0.7.4 (July 30, 2015)

  • browse: Sorting preference persisted in cookie
  • browse: Added index.txt and default.txt to list of default files
  • browse: Template files may now use Caddy template actions
  • markdown: Template files may now use Caddy template actions
  • markdown: Several bug fixes, especially for large and empty Markdown files
  • markdown: Generate index pages to link to markdown pages (sitegen only)
  • markdown: Flatten structure of front matter, changed template variables
  • redir: Can use variables (placeholders) like log formats can
  • redir: Catch-all redirects no longer preserve path; use {uri} instead
  • redir: Syntax supports redirect tables by opening a block
  • templates: Renamed .Date to .Now and added .Truncate, .Replace actions
  • Other minor internal improvements and more tests

0.7.3 (July 15, 2015)

  • errors: Error log now shows timestamp with each entry
  • gzip: Fixed; Default filtering is by extension; removed MIME type filter
  • import: Fixed; works inside and outside server blocks
  • redir: Query string preserved on catch-all redirects
  • templates: Proper 403 or 404 errors for restricted or missing files

0.7.2 (July 1, 2015)

  • Custom builds through caddyserver.com - extend Caddy by writing addons
  • browse: Sort by clicking column heading or using query string
  • core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
  • errors: Missing error page during parse time is warning, not error
  • ext: Extension only appended if request path does not end in /
  • fastcgi: Fix for backend responding without status text
  • fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
  • git: Removed from core (available as add-on)
  • gzip: Enable by file path and/or extension
  • gzip: Customize compression level
  • log: Fix for missing status in log entry when error unhandled
  • proxy: Strip prefix from path for proxy to path
  • redir: Meta tag redirects
  • templates: Support for nested includes
  • Internal improvements and more tests

0.7.1 (June 2, 2015)

  • basicauth: Patched timing vulnerability
  • proxy: Support for WebSocket backends
  • tls: Client authentication

0.7 (May 25, 2015)

  • New directive 'internal' to protect resources with X-Accel-Redirect
  • New -version flag to show program name and version
  • core: Fixed escaped backslash characters inside quoted strings
  • core: Fixed parsing Caddyfile for IPv6 addresses missing ports
  • core: A notice is shown when non-local address resolves to loopback interface
  • core: Warns if file descriptor limit is too low for production site (Mac/Linux)
  • fastcgi: Support for Unix sockets
  • git: Fixed issue that prevented pulling at designated interval
  • header: Remove a header field by prefixing field name with "-"
  • markdown: Simple static site generation
  • markdown: Support for metadata ("front matter") at beginning of files
  • rewrite: Experimental support for regular expressions
  • tls: Customize cipher suites and protocols
  • tls: Removed RC4 ciphers
  • Other internal improvements that are not user-facing (more tests, etc.)

0.6 (May 7, 2015)

  • New directive 'git' to automatically pull changes
  • New directive 'bind' to override the host the server binds to
  • New -root flag to specify root path to default site
  • Ability to receive config data piped through stdin
  • core: Warning if root directory doesn't exist at startup
  • core: Entire process dies if any server fails to start
  • gzip: Fixed Content-Length value when proxying requests
  • errors: Error log now includes file and line number of panics
  • fastcgi: Pass custom environment variables
  • fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
  • fastcgi: Fixed SERVER_SOFTWARE variables
  • markdown: Support for index files when URL points to a directory
  • proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
  • proxy: Add custom headers
  • startup/shutdown: Run command in background with '&' at end
  • templates: Added .tpl and .tmpl as default extensions
  • templates: Support for index files when URL points to a directory
  • templates: Changed .RemoteAddr to .IP and stripped out remote port
  • tls: TLS disabled (with warning) for servers that are explicitly http://
  • websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
  • Many internal improvements

0.5.1 (April 30, 2015)

  • Default host is now 0.0.0.0 (wildcard)
  • New -host and -port flags to override default host and port
  • core: Support for binding to 0.0.0.0
  • core: Graceful error handling during heavy load; proper error responses
  • errors: Fixed file path handling
  • errors: Fixed panic due to nil log file
  • fastcgi: Support for index files
  • fastcgi: Fix for handling errors that come from responder

0.5 (April 28, 2015)

  • Initial release