⬆️ (dependencies): Update dependency caddyserver/caddy to v2.8.3#139
Merged
renovate[bot] merged 1 commit intomainfrom Jun 2, 2024
Merged
⬆️ (dependencies): Update dependency caddyserver/caddy to v2.8.3#139renovate[bot] merged 1 commit intomainfrom
renovate[bot] merged 1 commit intomainfrom
Conversation
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.7.6->2.8.3Release Notes
caddyserver/caddy (caddyserver/caddy)
v2.8.3Compare Source
v2.8.2Compare Source
A few more fixes of reported bugs related to ARI,
try_fileswith the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.Changelog
01308b4I'm so tired of typosa63767dbuild(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)f8a2c60caddyhttp: properly sanitize requests for root path (#6360)b7280e6caddytls: Implement certmagic.RenewalInfoGetter15faeaccmd: fix auto-detetction of .caddyfile extension (#6356)Full Changelog: caddyserver/caddy@v2.8.1...v2.8.2
v2.8.1Compare Source
Quick fixes for a few users related to directory permissions and matcher parsing.
Changelog
40c582ccaddyhttp: Fix merging consecutiveclient_iporremote_ipmatchers (#6350)a52917acore: MkdirAll appDataDir in InstanceID with 0o700 (#6340)v2.8.0Compare Source
Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.
We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.
There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.
Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence which have greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.
Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.
As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!
emailglobal option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.acmeissuer with youremailfilled out, and thecafield set to ZeroSSL's ACME server URL.zerosslissuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with theacmemodule pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:lego_deprecatedDNS provider module. It has been deprecated for 4 years. Usecaddy-dnsmodules instead; there are over 50 to choose from already. They are more flexible, compile much leaner, and are easier to implement and support. If yours is not supported it can be easily implemented. Sponsors at or above the Business tier can request to have their provider implemented for free.askoption in the JSON has been deprecated in favor of a permission module (Caddyfile unchanged) (#6055), and Caddyfile support forpermissionmodules is added (6a02999)Etag(used for concurrency control) is now a header, not a trailer. This is less efficient, but still virtually no clients properly implement trailer support.basicauthCaddyfile directive has been renamed tobasic_auth(#6092), andskip_loghas been renamed tolog_skip. The old names will continue to work for now, with a deprecation warning in the logs. (#6066).basic_authhandler no longer supportsscrypt(deprecated for nearly two years) (#6091)forwardedoption has been deprecated for a long time and has now been removed from theremote_ipmatcher. Use theclient_ipmatcher instead. (#6085)buffer_requests,buffer_responses, andmax_buffer_sizesettings have been removed after being deprecated for 14 months. Userequest_buffersandresponse_buffersinstead if you need buffering.caddy.Context.AppIfConfigured(), it now returns an error, as part of a bug fix. (#6292)Notable changes:
--adapterflag is not needed for config files ending with.caddyfile(#5919)zstd(#6140)fsdirective can declare a file system plugin to use (#5057)["REDACTED"]instead of empty array. (#5669)log_appendhandler can add fields to the access logs (#6066)uuidfield to access logs when the{http.request.uuid}placeholder is used (#5859){file.*}global placeholder is available, where*is a path to a file on disk which contains a value (generally used for secrets) (#5463)*matcher token is no longer required in the Caddyfile (#5844)local_ipconnection matcher (#6074)askendpoint into apermissionmodule, making it pluggable (#6055)uri query(#6120, #6165)Changelog
Full Changelog: caddyserver/caddy@v2.7.6...v2.8.0
ac0ad4dUpgrade acmeserver to github.com/go-chi/chi/v5 (#5913)931656bacmeserver: add policy field to define allow/deny rules (#5796)e1aa862acmeserver: support specifying the allowed challenge types (#5794)e6f46c8acmeserver: Addsign_with_rootfor Caddyfile (#6345)4a0492fadmin: MakeEtaga header, not a trailer (#6208)1217449admin: Use xxhash for etag (#6207)7e2510ebuild(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)4f3f6e3build(deps): bump actions/setup-go from 4 to 5 (#6012)8a50f19build(deps): bump actions/upload-artifact from 3 to 4 (#6013)1bf72dbbuild(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)223f314build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)30d6364caddyauth: Drop support forscrypt(#6091)f9e1115caddyauth: Renamebasicauthtobasic_auth(#6092)f4840cfcaddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)f6d2c29caddyfile: Reject global request matchers earlier (#6339)c0273f1caddyfile: Add heredoc support tofmtcommand (#6056)d9aded0caddyfile: Allow heredoc blank lines (#6051)8bbf8eccaddyfile: Assert having a space after heredoc marker to simply check (#6117)c369df5caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)1f60328caddyfile: Fix variadic placeholder false positive when token contains:(#5883)750d0b8caddyfile: Normalize & flatten all unmarshalers (#6037)9cd472ccaddyfile: Populate regexp matcher names by default (#6145)b893c8ccaddyfile: Reject directives in the place of site addresses (#6104)e7a534dcaddyfile: Reject long heredoc markers (#6098)7c48b5fcaddyfile: Switch to slices.Equal for better performance (#6061)63d597ccaddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)3d7d60fcaddyhttp: Adduuidto access logs when used (#5859)45132c5caddyhttp: Add plaintext response tofile_server browse(#6093)6d97d8dcaddyhttp: Address some Go 1.20 features (#6252)4c10a05caddyhttp: Adjustschemeplaceholder docs (#5910)97a56d8caddyhttp: Allowheaderreplacement with empty string (#6163)83ef61dcaddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)2fc620dcaddyhttp: Fix linter warning about deprecationf5344f8caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)2c48ddacaddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)1277888caddyhttp: Register post-shutdown callbacks (#5948)7b48ce0caddyhttp: Replace sensitive headers with REDACTED (close #5669)cc0c0cfcaddyhttp: Security enhancements for client IP parsing (#5805)70953e8caddyhttp: Support multiple logger names per host (#6088)bde4621caddyhttp: Test cases for%2Fand%252F(#6084)c8559c4caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)ddb1d2ccaddyhttp: add http.request.local{,.host,.port} placeholder (#6182)924010ccaddyhttp: close quic connections when server closes (#6202)e0daa39caddyhttp: record num. bytes read when response writer is hijacked (#6173)654a3bbcaddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)b568a10caddyhttp: support unix sockets incaddy respondcommand (#6010)c93e304caddyhttp: suppress flushing if the response is being buffered (#6150)52822a4caddyhttp: upgrade to cel v0.20.0 (#6161)224316ecaddyhttp: Move log WARN to INFO, reduce confusion (#6185)6dce493caddyhttp: Alter log message when request is unhandled (close #5182)4af38e5caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)fb63e2ecaddyhttp: New experimental handler for intercepting responses (#6232)9ba9991caddyhttp: Trace individual middleware handlers (#6313)c97292bcaddypki: Allow use of root CA without a key. Fixes #6290 (#6298)4512be4caddytest: Rename adapt tests to*.caddyfiletestextension (#6119)4c90f14caddytest: normalize the JSON config (#6316)8d7ac18caddytls: Ability to drop connections (close #6294)6a02999caddytls: Add Caddyfile support for on-demand permission module (close #6260)b24ae63caddytls: Context to DecisionFunc (#5923)d129ae6caddytls: Evict internal certs from cache based on issuer (#6266)57c5b92caddytls: Make on-demand 'ask' permission modular (#6055)76c4cf5caddytls: Option to configure certificate lifetime (#6253)3609a4acaddytls: Remove shim code supporting deprecated lego-dns (#6231)dc9dd2ecaddytls: Still provision permission module if ask is specified4a09cf0caddytls: Sync distributed storage cleaning (#5940)81413cacaddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)3ae07a7caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)03f703acaddytls: verifier: caddyfile: re-add Caddyfile support (#6127)db3e19bcaddytls: fix permission requirement with AutomationPolicy (#6328)1fc151fcaddytls: remove ClientHelloSNICtxKey (#6326)e66040acaddytls: set server name in context (#6324)b359ca5ci/cd: use the build tagnobadgerto exclude badgerdb (#6031)24b0ecccmd: Add newline character to version string in CLI output (#5895)e473ae6cmd: Adjust config load logs/errors (#6032)185ed6fcmd: Assume Caddyfile based on filename prefix and suffix (#5919)e1f4b83cmd: Fix panic related to config filename (fix #5919)8f87c5dcmd: Only validate config is proper JSON if config slice has data (#6250)56c6b3fcmd: Preserve LastModified date when exporting storage (#5968)de4959fcmd: fix the output of theUsagesection (#6138)54823f5cmd: reverseproxy: log: use caddy logger (#6042)d70608bcmd: upgrade: resolve symlink of the executable (#5891)d54dcf1cmd: use automaxprocs for better perf in containers (#5711)e1b9a9dcore: Addctx.Slogger()which returns ansloglogger (#5945)cbbd1dfcore: Always make AppDataDir for InstanceID (#5976)174c19acore: Apply SO_REUSEPORT to UDP sockets (#5725)46c5db9core: OnExit hooks (#6128)a747930core: Support NO_COLOR env var to disable log coloring (#6078)7c82e26core: quic listener will manage the underlying socket by itself (#5749)a6a45ffcore: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)2ce5c65core: Fix bug in AppIfConfigured (fix #6336)03e0a01encode: Configurable compression level for zstd (#6140)3067074encode: Improve Etag handling (fix #5849)9ab0943encode: Slight fix for the previous commite698ec5encode: write status immediately when status code is informational (#6164)ba58114events: Add debug log7e52db8fileserver: Add .m4v for browse template icon8f9ffc5fileserver: Add total file size to directory listing (#6003)feb07a7fileserver: Browse can show symlink target if enabled (#5973)b16aba5fileserver: Enable compression for command by default (#5855)5d8b45cfileserver: Escape # and ? in img src (fix #6237)f3e849efileserver: Implement caddyfile.Unmarshaler interface (#5850)d00824ffileserver: Improve Vary handling (#5849)362f33dfileserver: New --precompressed flag (#5880)5a4374bfileserver: Preserve query during canonicalization redirect (#6109)cabb5d7fileserver: Set "Vary: Accept-Encoding" header (see #5849)567d96cfileserver: read etags from precomputed files (#6222)c839a98filesystem: Globally declared filesystems,fsdirective (#5833)60abd72fix: add back text/*b8f729bfix: add more media types to the compressed by default lista4a64a6gitignore: Add rule for caddyfile.go (#6225)9fc55a9go.mod: CVE-2023-45142 Update opentelemetry (#5908)fe2a02bgo.mod: Upgrade quic-go to v0.39.1b49ec05go.mod: Updated quic-go to v0.40.1 (#5983)ee35855go.mod: update quic-go version to v0.40.0 (#5922)a46ff50go.mod: Upgrade to quic-go v0.43.0b522710go.mod: Upgrade to quic-go v0.43.1dd203adgo.mod: CertMagic v0.21.0d79c0f0go.mod: Upgrade dependenciesabdf1aego.mod: go 1.22.3258d906httpcaddyfile: AddRegisterDirectiveOrderfunction for plugin authors (#5865)4181c79httpcaddyfile: Add optional status code argument tohandle_errorsdirective (#5965)2a78c9chttpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)7984e6fhttpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)f976c84httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)c2d889fhttpcaddyfile: Fix redir html (#6001)c27425ehttpcaddyfile: Keep deprecatedskip_login directive order (#6153)ac1f20bhttpcaddyfile: Remove port from logger names (#5881)5e2f1b5httpcaddyfile: Rewriterootandrewriteparsing to allow omitting matcher (#5844)3efda6fhttpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)da7d8cbhttpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)cb86319httpcaddyfile: Support client auth verifiers (#6022)feeb6afhttpcaddyfile: Fix expression matcher shortcut in snippets (#6288)583c585httpcaddyfile: Set challenge ports when http_port or https_port are used96f638ehttpredirectlistener: Only set read limit for when request is HTTP (#5917)3248e4clogging: Addzap.Optionsupport (#5944)b9c40e7logging: Automaticwrapdefault forfilterencoder (#5980)726a9a8logging: Fix default access logger (#6251)01d5568logging: Implementappendencoder, allow flatter filters config (#6069)0d44e3elogging: Implementlog_appendhandler (#6066)91ec754logging: Inline Caddyfile syntax forip_maskfilter (#6094)0c01547logging: supportmsduration format and add docs (#6187)4356635logging: Add support for additional logger filters other than hostname (#6082)8c2a72acaddyhttp: Dropforwardedoption fromremote_ipmatcher (#6085)ed7e3c9caddyhttp:querymatcher now ANDs multiple keys (#6054)387545ametrics: Record request metrics on HTTP errors (#5979)e0bf179modules: fix some typo in conments (#6206)dc12bd9proxyprotocol: use github.com/pires/go-proxyproto (#5915)dba556frefactor: move automaxprocs init in caddycmd.Main()80acf1breplacer: Fix escaped closing braces (#5995)7979739replacer: Implementfile.*global replacements (#5463)e7336ccreplacer: use RWMutex to protect static provider (#6184)868af6areverseproxy: Add grace_period for SRV upstreams to Caddyfile (#6264)613d544reverseproxy: Accept EOF when bufferingf658fd0reverseproxy: Addtls_curvesoption to HTTP transport (#5851)a9768d2reverseproxy: Configurable forward proxy URL (#6114)0b381ebreverseproxy: Implement modular CA provider for TLS transport (#6065)d9ff7b1reverseproxy: Only change Content-Length when full request is buffered (#5830)9f97df2reverseproxy: Remove long-deprecated buffering propertiesd93e027reverseproxy: Reuse buffered request body even if partially drained72ce78dreverseproxy: SRV dynamic upstream failover (#5832)74949fbreverseproxy: Use xxhash instead of fnv32 for LB (#6203)b40cacfreverseproxy: Wait for both ends of websocket to close (#6175)e65b97freverseproxy: configurable active health_passes and health_fails (#6154)da6a569reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)1b9042breverseproxy: handle buffered data during hijack (#6274)53f7035reverseproxy: use context.WithoutCancel (#6116)d05d715reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)b2b29dcreverseproxy: Implement health_follow_redirects (#6302)e60148ereverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)5f6758dreverseproxy: Support HTTP/3 transport to backend (#6312)69290d2rewrite: Implementuri queryoperations (#6120)29f57farewrite:uri queryreplace operation (#6165)c6673adstaticresp: Use the evaluated response body for sniffing JSON content-type (#6249)0900844templates: Clarifyincludeargs docs, add.ClientIP(#5898)4e8245dtemplates: Delete headers onhttpErrorto reset to clean slate (#5905)18f3429templates: Offically make templates extensible (#5939)f98f449templates: AddpathEscapetemplate function and use it in file browser (#6278)4173e2ctls: accept placeholders in string values of certificate loaders (#5963)ed41c92tls: add reuse_private_keys (#6025)e965b11tls: modularize trusted CA providers (#5784)0b5720ftracing: add trace_id var (http.vars.trace_idplaceholder) (#6308)5ed8689vars: Allow overridinghttp.auth.user.idin replacer as a special case (#6108)d132584vars: Make nil values act as empty string instead of"<nil>"(#6174)New Contributors
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.