Skip to content

v2.5.2
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Jul 19:06
· 615 commits to master since this release
v2.5.2
This tag was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.
ad3a83f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This patch release fixes bugs, adds some new features, and makes worthwhile enhancements. We recommend everyone test and upgrade!

Many improvements have been made to the reverse_proxy module.

Highlights:

  • New /adapt admin endpoint: Use your installed config adapters via API in addition to the existing caddy adapt CLI command.
  • New Etag/If-Match support for config API: Safely update your config concurrently and avoid collisions by using our unique Etag implementation.
  • Rename copied headers from reverse_proxy: If you're using handle_response, you can more easily map headers to a different name for clients.
  • Many HTTP matchers have been added to CEL: You can now use the logic of our HTTP request matchers in CEL expressions.
  • Notable bug fixes: EAB reuse, various QUIC & HTTP/3 fixes, more specific HTTP status codes, various reverse proxy fixes.

Changelog

  • 660c59b admin: Implement /adapt endpoint (close #4465) (#4846)
  • ad3a83f admin: expect quoted ETags (#4879)
  • f259ed5 admin: support ETag on config endpoints (#4579)
  • 1498132 caddyhttp: Log error from CEL evaluation (fix #4832)
  • 0a14f97 caddytls: Make peer certificate verification pluggable (#4389)
  • 412dcc0 caddytls: Reuse issuer between PreCheck and Issue (#4866)
  • 499ad6d core: Micro-optim in run() (#4810)
  • c0f76e9 fileserver: Use safe redirects in file browser
  • 58e05ca forwardauth: Fix case when copy_headers is omitted (#4856)
  • 0b6f764 forwardauth: Support renaming copied headers, block support (#4783)
  • 8bac134 go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
  • 3d18bc5 go.mod: Update go-yaml to v3
  • 5601393 go.mod: Update some dependencies
  • 8e6bc36 go.mod: Upgrade some dependencies
  • 53c4d78 headers: Only replace known placeholders (#4880)
  • 0bcd02d headers: Support wildcards for delete ops (close #4830) (#4831)
  • 58970ca httpcaddyfile: Add {err.*} placeholder shortcut (#4798)
  • b687d7b httpcaddyfile: Support multiple values for default_bind (#4774)
  • a926779 reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
  • aaf6794 reverseproxy: Add renegotiation param in TLS client (#4784)
  • 54d1923 reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
  • 7f9b1f4 reverseproxy: Correct the tls_server_name docs (#4827)
  • c82fe91 reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
  • d6bc9e0 reverseproxy: Err 503 if all upstreams unavailable
  • 98468af reverseproxy: Fix double headers in response handlers (#4847)
  • 25f1051 reverseproxy: Fix panic when TLS is not configured (#4848)
  • 5e729c1 reverseproxy: HTTP 504 for upstream timeouts (#4824)
  • f9b42c3 reverseproxy: Make TLS renegotiation optional
  • b6e96fa reverseproxy: Skip TLS for certain configured ports (#4843)
  • 57d27c1 reverseproxy: Support http1.1>h2c (close #4777) (#4778)
  • 9864b13 reverseproxy: api: Remove misleading 'healthy' value
  • 693e9b5 rewrite: Handle fragment before query (fix #4775)
  • 6891f7f templates: Add humanize function (#4767)
  • 9e760e2 templates: Documentation consistency (#4796)

New Contributors

Full Changelog: v2.5.1...v2.5.2

Contributors

davidbgk, yaslama, and 7 other contributors
Assets 28