{"affected":[{"ecosystem_specific":{"binaries":[{"caddy":"2.8.4-bp155.2.3.1","caddy-bash-completion":"2.8.4-bp155.2.3.1","caddy-fish-completion":"2.8.4-bp155.2.3.1","caddy-zsh-completion":"2.8.4-bp155.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"caddy","purl":"pkg:rpm/suse/caddy&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.4-bp155.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"caddy":"2.8.4-bp155.2.3.1","caddy-bash-completion":"2.8.4-bp155.2.3.1","caddy-fish-completion":"2.8.4-bp155.2.3.1","caddy-zsh-completion":"2.8.4-bp155.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"caddy","purl":"pkg:rpm/opensuse/caddy&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.4-bp155.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for caddy fixes the following issues:\n\nUpdate to version 2.8.4:\n\n * cmd: fix regression in auto-detect of Caddyfile (#6362)\n * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped\n\nUpdate to version 2.8.2:\n\n * cmd: fix auto-detetction of .caddyfile extension (#6356)\n * caddyhttp: properly sanitize requests for root path (#6360)\n * caddytls: Implement certmagic.RenewalInfoGetter\n\nUpdate to version 2.8.1:\n\n * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)\n * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)\n\nUpdate to version 2.8.0:\n\n * acmeserver: Add `sign_with_root` for Caddyfile (#6345)\n * caddyfile: Reject global request matchers earlier (#6339)\n * core: Fix bug in AppIfConfigured (fix #6336)\n * fix a typo (#6333)\n * autohttps: Move log WARN to INFO, reduce confusion (#6185)\n * reverseproxy: Support HTTP/3 transport to backend (#6312)\n * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)\n * Fix lint error about deprecated method in smallstep/certificates/authority\n * go.mod: Upgrade dependencies\n * caddytls: fix permission requirement with AutomationPolicy (#6328)\n * caddytls: remove ClientHelloSNICtxKey (#6326)\n * caddyhttp: Trace individual middleware handlers (#6313)\n * templates: Add `pathEscape` template function and use it in file browser (#6278)\n * caddytls: set server name in context (#6324)\n * chore: downgrade minimum Go version in go.mod (#6318)\n * caddytest: normalize the JSON config (#6316)\n * caddyhttp: New experimental handler for intercepting responses (#6232)\n * httpcaddyfile: Set challenge ports when http_port or https_port are used\n * logging: Add support for additional logger filters other than hostname (#6082)\n * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)\n * caddyhttp: Alter log message when request is unhandled (close #5182)\n * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)\n * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)\n * go.mod: CertMagic v0.21.0\n * reverseproxy: Implement health_follow_redirects (#6302)\n * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)\n * go.mod: Upgrade to quic-go v0.43.1\n * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)\n * caddytls: Ability to drop connections (close #6294)\n * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)\n * caddytls: Evict internal certs from cache based on issuer (#6266)\n * chore: add warn logs when using deprecated fields (#6276)\n * caddyhttp: Fix linter warning about deprecation\n * go.mod: Upgrade to quic-go v0.43.0\n * fileserver: Set 'Vary: Accept-Encoding' header (see #5849)\n * events: Add debug log\n * reverseproxy: handle buffered data during hijack (#6274)\n * ci: remove `android` and `plan9` from cross-build workflow (#6268)\n * run `golangci-lint run --fix --fast` (#6270)\n * caddytls: Option to configure certificate lifetime (#6253)\n * replacer: Implement `file.*` global replacements (#5463)\n * caddyhttp: Address some Go 1.20 features (#6252)\n * Quell linter (false positive)\n * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)\n * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)\n * caddytls: Add Caddyfile support for on-demand permission module (close #6260)\n * reverseproxy: Remove long-deprecated buffering properties\n * reverseproxy: Reuse buffered request body even if partially drained\n * reverseproxy: Accept EOF when buffering\n * logging: Fix default access logger (#6251)\n * fileserver: Improve Vary handling (#5849)\n * cmd: Only validate config is proper JSON if config slice has data (#6250)\n * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)\n * encode: Slight fix for the previous commit\n * encode: Improve Etag handling (fix #5849)\n * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)\n * caddyfile: Populate regexp matcher names by default (#6145)\n * caddyhttp: record num. bytes read when response writer is hijacked (#6173)\n * caddyhttp: Support multiple logger names per host (#6088)\n * chore: fix some typos in comments (#6243)\n * encode: Configurable compression level for zstd (#6140)\n * caddytls: Remove shim code supporting deprecated lego-dns (#6231)\n * connection policy: add `local_ip` matcher (#6074)\n * reverseproxy: Wait for both ends of websocket to close (#6175)\n * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)\n * caddytls: Still provision permission module if ask is specified\n * fileserver: read etags from precomputed files (#6222)\n * fileserver: Escape # and ? in img src (fix #6237)\n * reverseproxy: Implement modular CA provider for TLS transport (#6065)\n * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)\n * cmd: Fix panic related to config filename (fix #5919)\n * cmd: Assume Caddyfile based on filename prefix and suffix (#5919)\n * admin: Make `Etag` a header, not a trailer (#6208)\n * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)\n * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)\n * gitignore: Add rule for caddyfile.go (#6225)\n * chore: Fix broken links in README.md (#6223)\n * chore: Upgrade some dependencies (#6221)\n * caddyhttp: Add plaintext response to `file_server browse` (#6093)\n * admin: Use xxhash for etag (#6207)\n * modules: fix some typo in conments (#6206)\n * caddyhttp: Replace sensitive headers with REDACTED (close #5669)\n * caddyhttp: close quic connections when server closes (#6202)\n * reverseproxy: Use xxhash instead of fnv32 for LB (#6203)\n * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)\n * chore: remove repetitive word (#6193)\n * Added a null check to avoid segfault on rewrite query ops (#6191)\n * rewrite: `uri query` replace operation (#6165)\n * logging: support `ms` duration format and add docs (#6187)\n * replacer: use RWMutex to protect static provider (#6184)\n * caddyhttp: Allow `header` replacement with empty string (#6163)\n * vars: Make nil values act as empty string instead of `''` (#6174)\n * chore: Update quic-go to v0.42.0 (#6176)\n * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)\n * reverseproxy: configurable active health_passes and health_fails (#6154)\n * reverseproxy: Configurable forward proxy URL (#6114)\n * caddyhttp: upgrade to cel v0.20.0 (#6161)\n * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)\n * caddyhttp: suppress flushing if the response is being buffered (#6150)\n * chore: encode: use FlushError instead of Flush (#6168)\n * encode: write status immediately when status code is informational (#6164)\n * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)\n * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865)\n * rewrite: Implement `uri query` operations (#6120)\n * fix struct names (#6151)\n * fileserver: Preserve query during canonicalization redirect (#6109)\n * logging: Implement `log_append` handler (#6066)\n * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)\n * logging: Implement `append` encoder, allow flatter filters config (#6069)\n * ci: fix the integration test `TestLeafCertLoaders` (#6149)\n * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108)\n * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)\n * cmd: Adjust config load logs/errors (#6032)\n * reverseproxy: SRV dynamic upstream failover (#5832)\n * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)\n * core: OnExit hooks (#6128)\n * cmd: fix the output of the `Usage` section (#6138)\n * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)\n * acmeserver: add policy field to define allow/deny rules (#5796)\n * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)\n * caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)\n * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103)\n * caddyfile: Assert having a space after heredoc marker to simply check (#6117)\n * chore: Update Chroma to get the new Caddyfile lexer (#6118)\n * reverseproxy: use context.WithoutCancel (#6116)\n * caddyfile: Reject directives in the place of site addresses (#6104)\n * caddyhttp: Register post-shutdown callbacks (#5948)\n * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)\n * caddyauth: Drop support for `scrypt` (#6091)\n * Revert 'caddyfile: Reject long heredoc markers (#6098)' (#6100)\n * caddyauth: Rename `basicauth` to `basic_auth` (#6092)\n * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)\n * caddyfile: Reject long heredoc markers (#6098)\n * chore: Rename CI jobs, run on M1 mac (#6089)\n * fix: add back text/*\n * fix: add more media types to the compressed by default list\n * acmeserver: support specifying the allowed challenge types (#5794)\n * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)\n * caddyhttp: Test cases for `%2F` and `%252F` (#6084)\n * fileserver: Browse can show symlink target if enabled (#5973)\n * core: Support NO_COLOR env var to disable log coloring (#6078)\n * Update comment in setcap helper script\n * caddytls: Make on-demand 'ask' permission modular (#6055)\n * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)\n * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)\n * chore: enabling a few more linters (#5961)\n * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)\n * caddyfile: Switch to slices.Equal for better performance (#6061)\n * tls: modularize trusted CA providers (#5784)\n * logging: Automatic `wrap` default for `filter` encoder (#5980)\n * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)\n * caddyfile: Normalize & flatten all unmarshalers (#6037)\n * cmd: reverseproxy: log: use caddy logger (#6042)\n * matchers: `query` now ANDs multiple keys (#6054)\n * caddyfile: Add heredoc support to `fmt` command (#6056)\n * refactor: move automaxprocs init in caddycmd.Main()\n * caddyfile: Allow heredoc blank lines (#6051)\n * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965)\n * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)\n * fileserver: Implement caddyfile.Unmarshaler interface (#5850)\n * reverseproxy: Add `tls_curves` option to HTTP transport (#5851)\n * caddyhttp: Security enhancements for client IP parsing (#5805)\n * replacer: Fix escaped closing braces (#5995)\n * filesystem: Globally declared filesystems, `fs` directive (#5833)\n * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)\n * httpcaddyfile: Fix redir html (#6001)\n * httpcaddyfile: Support client auth verifiers (#6022)\n * tls: add reuse_private_keys (#6025)\n * reverseproxy: Only change Content-Length when full request is buffered (#5830)\n * Switch Solaris-derivatives away from listen_unix (#6021)\n * chore: check against errors of `io/fs` instead of `os` (#6011)\n * caddyhttp: support unix sockets in `caddy respond` command (#6010)\n * fileserver: Add total file size to directory listing (#6003)\n * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)\n * cmd: use automaxprocs for better perf in containers (#5711)\n * logging: Add `zap.Option` support (#5944)\n * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)\n * metrics: Record request metrics on HTTP errors (#5979)\n * go.mod: Updated quic-go to v0.40.1 (#5983)\n * fileserver: Enable compression for command by default (#5855)\n * fileserver: New --precompressed flag (#5880)\n * caddyhttp: Add `uuid` to access logs when used (#5859)\n * proxyprotocol: use github.com/pires/go-proxyproto (#5915)\n * cmd: Preserve LastModified date when exporting storage (#5968)\n * core: Always make AppDataDir for InstanceID (#5976)\n * chore: cross-build for AIX (#5971)\n * caddytls: Sync distributed storage cleaning (#5940)\n * caddytls: Context to DecisionFunc (#5923)\n * tls: accept placeholders in string values of certificate loaders (#5963)\n * templates: Offically make templates extensible (#5939)\n * http2 uses new round-robin scheduler (#5946)\n * panic when reading from backend failed to propagate stream error (#5952)\n * chore: Bump otel to v1.21.0. (#5949)\n * httpredirectlistener: Only set read limit for when request is HTTP (#5917)\n * fileserver: Add .m4v for browse template icon\n * Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924)\n * go.mod: update quic-go version to v0.40.0 (#5922)\n * update quic-go to v0.39.3 (#5918)\n * chore: Fix usage pool comment (#5916)\n * test: acmeserver: add smoke test for the ACME server directory (#5914)\n * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)\n * caddyhttp: Adjust `scheme` placeholder docs (#5910)\n * go.mod: Upgrade quic-go to v0.39.1\n * go.mod: CVE-2023-45142 Update opentelemetry (#5908)\n * templates: Delete headers on `httpError` to reset to clean slate (#5905)\n * httpcaddyfile: Remove port from logger names (#5881)\n * core: Apply SO_REUSEPORT to UDP sockets (#5725)\n * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)\n * cmd: Add newline character to version string in CLI output (#5895)\n * core: quic listener will manage the underlying socket by itself (#5749)\n * templates: Clarify `include` args docs, add `.ClientIP` (#5898)\n * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)\n * cmd: upgrade: resolve symlink of the executable (#5891)\n * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)\n\n- CVEs:\n * CVE-2024-22189 (boo#1222468)\n * CVE-2023-45142\n\n- Remove the manual user/group provides: the package uses\n sysusers.d; the auto-provides were not working due to the broken\n go_provides.\n\n- Provide user and group (due to RPM 4.19)\n- Update caddy.sysusers to also create a group\n\n- Update to version 2.7.6:\n\n * caddytls: Sync distributed storage cleaning (#5940)\n * caddytls: Context to DecisionFunc (#5923)\n * tls: accept placeholders in string values of certificate loaders (#5963)\n * templates: Offically make templates extensible (#5939)\n * http2 uses new round-robin scheduler (#5946)\n * panic when reading from backend failed to propagate stream error (#5952)\n * chore: Bump otel to v1.21.0. (#5949)\n * httpredirectlistener: Only set read limit for when request is HTTP (#5917)\n * fileserver: Add .m4v for browse template icon\n * Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924)\n * go.mod: update quic-go version to v0.40.0 (#5922)\n * update quic-go to v0.39.3 (#5918)\n * chore: Fix usage pool comment (#5916)\n * test: acmeserver: add smoke test for the ACME server directory (#5914)\n * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)\n * caddyhttp: Adjust `scheme` placeholder docs (#5910)\n * go.mod: Upgrade quic-go to v0.39.1\n * go.mod: CVE-2023-45142 Update opentelemetry (#5908)\n * templates: Delete headers on `httpError` to reset to clean slate (#5905)\n * httpcaddyfile: Remove port from logger names (#5881)\n * core: Apply SO_REUSEPORT to UDP sockets (#5725)\n * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)\n * cmd: Add newline character to version string in CLI output (#5895)\n * core: quic listener will manage the underlying socket by itself (#5749)\n * templates: Clarify `include` args docs, add `.ClientIP` (#5898)\n * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)\n * cmd: upgrade: resolve symlink of the executable (#5891)\n * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)\n\n- Update to version 2.7.5:\n\n * admin: Respond with 4xx on non-existing config path (#5870)\n * ci: Force the Go version for govulncheck (#5879)\n * fileserver: Set canonical URL on browse template (#5867)\n * tls: Add X25519Kyber768Draft00 PQ 'curve' behind build tag (#5852)\n * reverseproxy: Add more debug logs (#5793)\n * reverseproxy: Fix `least_conn` policy regression (#5862)\n * reverseproxy: Add logging for dynamic A upstreams (#5857)\n * reverseproxy: Replace health header placeholders (#5861)\n * httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)\n * cmd: Fix exiting with custom status code, add `caddy -v` (#5874)\n * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)\n * reverseproxy: Fix retries on 'upstreams unavailable' error (#5841)\n * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808)\n * encode: Add `application/wasm*` to the default content types (#5869)\n * fileserver: Add command shortcuts `-l` and `-a` (#5854)\n * go.mod: Upgrade dependencies incl. x/net/http\n * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)\n * reverseproxy: Allow fallthrough for response handlers without routes (#5780)\n * fix: caddytest.AssertResponseCode error message (#5853)\n * caddyhttp: Use LimitedReader for HTTPRedirectListener\n * fileserver: browse template SVG icons and UI tweaks (#5812)\n * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)\n * httpcaddyfile: fix placeholder shorthands in named routes (#5791)\n * cmd: Prevent overwriting existing env vars with `--envfile` (#5803)\n * ci: Run govulncheck (#5790)\n * logging: query filter for array of strings (#5779)\n * logging: Clone array on log filters, prevent side-effects (#5786)\n * fileserver: Export BrowseTemplate\n * ci: ensure short-sha is exported correctly on all platforms (#5781)\n * caddyfile: Fix case where heredoc marker is empty after newline (#5769)\n * go.mod: Update quic-go to v0.38.0 (#5772)\n * chore: Appease gosec linter (#5777)\n * replacer: change timezone to UTC for 'time.now.http' placeholders (#5774)\n * caddyfile: Adjust error formatting (#5765)\n * update quic-go to v0.37.6 (#5767)\n * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)\n * caddyfile: Loosen heredoc parsing (#5761)\n * fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751)\n * fix package typo (#5764)\n\n- Switch to sysuser for user setup\n\nUpdate to version 2.7.4:\n\n * go.mod: Upgrade CertMagic and quic-go\n * reverseproxy: Always return new upstreams (fix #5736) (#5752)\n * ci: use gci linter (#5708)\n * fileserver: Slightly more fitting icons\n * cmd: Require config for caddy validate (fix #5612) (#5614)\n * caddytls: Update docs for on-demand config\n * fileserver: Don't repeat error for invalid method inside error context (#5705)\n * ci: Update to Go 1.21 (#5719)\n * ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)\n * go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)\n * ci: Use gofumpt to format code (#5707)\n * templates: Fix httpInclude (fix #5698)\n\nUpdate to version 2.7.3:\n\n * go.mod: Upgrade to quic-go v0.37.3\n * cmd: Split unix sockets for admin endpoint addresses (#5696)\n * reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)\n * caddyfile: check that matched key is not a substring of the replacement key (#5685)\n * chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691)\n * go.mod: Upgrade quic-go to v0.37.2 (fix #5680)\n * fileserver: browse: Render SVG images in grid\n\n- Update to version 2.7.2:\n * reverseproxy: Fix hijack ordering which broke websockets (#5679)\n * httpcaddyfile: Fix `string does not match ~[]E` error (#5675)\n * encode: Fix infinite recursion (#5672)\n * caddyhttp: Make use of `http.ResponseController` (#5654)\n * go.mod: Upgrade dependencies esp. smallstep/certificates\n * core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)\n * httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)\n * reverseproxy: Connection termination cleanup (#5663)\n * go.mod: Use quic-go 0.37.1\n * reverseproxy: Export ipVersions type (#5648)\n * go.mod: Use latest CertMagic (v0.19.1)\n * caddyhttp: Preserve original error (fix #5652)\n * fileserver: add lazy image loading (#5646)\n * go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)\n * core: Refine mutex during reloads (fix #5628) (#5645)\n * go.mod: update quic-go to v0.36.2 (#5636)\n * fileserver: Tweak grid view of browse template\n * fileserver: add `export-template` sub-command to `file-server` (#5630)\n * caddyfile: Fix comparing if two tokens are on the same line (#5626)\n * caddytls: Reuse certificate cache through reloads (#5623)\n * Minor tweaks to security.md\n * reverseproxy: Pointer receiver\n * caddyhttp: Trim dot/space only on Windows (fix #5613)\n * update quic-go to v0.36.1 (#5611)\n * caddyconfig: Specify config adapter for HTTP loader (close #5607)\n * core: Embed net.UDPConn to gain optimizations (#5606)\n * chore: remove deprecated property `rlcp` in goreleaser config (#5608)\n * core: Skip `chmod` for abstract unix sockets (#5596)\n * core: Add optional unix socket file permissions (#4741)\n * reverseproxy: Honor `tls_except_port` for active health checks (#5591)\n * Appease linter\n * Fix compile on Windows, hopefully\n * core: Properly preserve unix sockets (fix #5568)\n * go.mod: Upgrade CertMagic for hotfix\n * go.mod: Upgrade some dependencies\n * chore: upgrade otel (#5586)\n * go.mod: Update quic-go to v0.36.0 (#5584)\n * reverseproxy: weighted_round_robin load balancing policy (#5579)\n * reverseproxy: Experimental streaming timeouts (#5567)\n * chore: remove refs of deprecated io/ioutil (#5576)\n * headers: Allow `>` to defer shortcut for replacements (#5574)\n * caddyhttp: Support custom network for HTTP/3 (#5573)\n * reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)\n * fileserver: browse: Better grid layout (#5564)\n * caddytls: Clarify some JSON config docs\n * cmd: Implement storage import/export (#5532)\n * go.mod: Upgrade quic-go to 0.35.1\n * update quic-go to v0.35.0 (#5560)\n * templates: Add `readFile` action that does not evaluate templates (#5553)\n * caddyfile: Track import name instead of modifying filename (#5540)\n * core: Use SO_REUSEPORT_LB on FreeBSD (#5554)\n * caddyfile: Do not replace import tokens if they are part of a snippet (#5539)\n * fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)\n * fileserver: browse: minor tweaks for grid view, dark mode (#5545)\n * fileserver: Only set Etag if not already set (fix #5546) (#5547)\n * fileserver: Fix file browser breadcrumb font (#5543)\n * caddyhttp: Fix h3 shutdown (#5541)\n * fileserver: More filetypes for browse icons\n * fileserver: Fix file browser footer in grid mode (#5536)\n * cmd: Avoid spammy log messages (fix #5538)\n * httpcaddyfile: Sort Caddyfile slice\n * caddyhttp: Implement named routes, `invoke` directive (#5107)\n * rewrite: use escaped path, fix #5278 (#5504)\n * headers: Add > Caddyfile shortcut for enabling defer (#5535)\n * go.mod: Upgrade several dependencies\n * reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)\n * fileserver: Use EscapedPath for browse (#5534)\n * caddyhttp: Refactor cert Managers (fix #5415) (#5533)\n * Slightly more helpful error message\n * caddytls: Check for nil ALPN; close #5470 (#5473)\n * cmd: Reduce spammy logs from --watch\n * caddyhttp: Add a getter for Server.name (#5531)\n * caddytls: Configurable fallback SNI (#5527)\n * caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)\n * Add doc comment about changing admin endpoint\n * feature: watch include directory (#5521)\n * chore: remove deprecated linters (#5525)\n * go.mod: Upgrade CertMagic again\n * go.mod: Upgrade CertMagic\n * reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)\n * reverseproxy: Fix active health check header canonicalization, refactor (#5446)\n * reverseproxy: Add `fallback` for some policies, instead of always random (#5488)\n * logging: Actually honor the SoftStart parameter\n * logging: Soft start for net writer (close #5520)\n * fastcgi: Fix `capture_stderr` (#5515)\n * acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)\n * go.mod: Update some dependencies\n * logging: Add traceID field to access logs when tracing is active (#5507)\n * caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)\n * reverseproxy: Fix reinitialize upstream healthy metrics (#5498)\n * fix some comments (#5508)\n * templates: Add `fileStat` function (#5497)\n * caddyfile: Stricter parsing, error for brace on new line (#5505)\n * core: Return default logger if no modules loaded\n * celmatcher: Implement `pkix.Name` conversion to string (#5492)\n * chore: Adjustments to CI caching (#5495)\n * reverseproxy: Remove deprecated `lookup_srv` (#5396)\n * cmd: Support `'` quotes in envfile parsing (#5437)\n * Update contributing guidelines (#5466)\n * caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)\n * reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)\n * cmd: Create pidfile before config load (close #5477)\n * fileserver: Add color-scheme meta tag (#5475)\n * proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)\n * reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)\n * caddyhttp: Log request body bytes read (#5461)\n * log: Make sink logs encodable (#5441)\n * caddytls: Eval replacer on automation policy subjects (#5459)\n * headers: Support deleting all headers as first op (#5464)\n * replacer: Add HTTP time format (#5458)\n * reverseproxy: Header up/down support for CLI command (#5460)\n * caddyhttp: Determine real client IP if trusted proxies configured (#5104)\n * httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)\n * caddytls: Zero out throttle window first (#5443)\n * ci: add `--yes` to cosign arguments (#5440)\n * reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)\n * caddytls: Allow on-demand w/o ask for internal-only\n * caddytls: Require 'ask' endpoint for on-demand TLS\n * fileserver: New file browse template (#5427)\n * go.mod: Upgrade dependencies\n * tracing: Support autoprop from OTEL_PROPAGATORS (#5147)\n * caddyhttp: Enable 0-RTT QUIC (#5425)\n * encode: flush status code when hijacked. (#5419)\n * fileserver: Remove trailing slash on fs filenames (#5417)\n * core: Eliminate unnecessary shutdown delay on Unix (#5413)\n * caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)\n * context: Rename func to `AppIfConfigured` (#5397)\n * reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)\n * caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)\n * caddyfile: Implement heredoc support (#5385)\n * cmd: Expand cobra support, add short flags (#5379)\n * ci: Update minimum Go version to 1.19\n * go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)\n * reverseproxy: refactor HTTP transport layer (#5369)\n * caddytls: Relax the warning for on-demand (#5384)\n * cmd: Strict unmarshal for validate (#5383)\n * caddyfile: Implement variadics for import args placeholders (#5249)\n * cmd: make `caddy fmt` hints more clear (#5378)\n * cmd: Adjust documentation for commands (#5377)\n\n\n- Update to version 2.6.4:\n\n * reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)\n","id":"openSUSE-SU-2024:0211-1","modified":"2024-07-22T09:11:35Z","published":"2024-07-22T09:11:35Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4POHOO6U2FW5XKZT7HPGZAJF7LQQW3W4/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22189"}],"related":["CVE-2023-45142","CVE-2024-22189"],"summary":"Security update for caddy","upstream":["CVE-2023-45142","CVE-2024-22189"]}