summaryrefslogtreecommitdiffhomepage
path: root/dist/CHANGES.txt
blob: 0cea8eb9833e1ab92dc052d9efdbb8bb4b8b96d8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
CHANGES

0.10.3 (May 19, 2017)
- Several minor changes and bug fixes; see commit log for details
- tls: Allow narrower certificate renewal window at startup (#1680)

0.10.2 (May 2, 2017)
- Hot fix for rule paths of "/" so that they match every request
- fastcgi: Match request paths that don't start with "/" even if rule does


0.10.1 (May 1, 2017)
- Reduced memory usage for gzip, templates, and MITM detection
- Fixed automatic HTTP->HTTPS redirects for sites with wildcard labels
- proxy: Fix 'without' subdirective
- A few other minor bug fixes and improvements


0.10 (April 20, 2017)
- Built on Go 1.8.1
- HTTPS interception detection
- Updated QUIC
- SIGUSR1 (reload) now works with QUIC servers
- New 'push' directive for HTTP/2 server push
- New 'index' directive to change the names of index files
- New -http-port and -https-port flags to change protocol ports
- New -disable-http-challenge and -disable-tls-sni-challenge flags
- New event hook plugin type
- New listener middleware plugin type
- New placeholders for cookie, query, and rewritten URI values
- basicauth: Ability to customize realm
- browse: Default template now sorts by name with directories first
- errors, log: Roll all logs by default
- errors, log: Ability to write to remote syslog
- errors, log: Standardized, simplified directive syntax
- log: Patched common log format by adding missing "-"
- proxy: New 'max_conns' setting to limit connections to upstreams
- proxy: New 'first' load balancing policy for first available host
- proxy: Health checks respect Host and insecure_skip_verify settings
- templates: New .RandomString action to add random padding to page
- timeouts: Disabled default HTTP timeouts
- tls: Settings now apply per-site rather than for entire listener
- tls: New 'alpn' setting to disable either HTTP/2 or HTTP/1.1 on per-site basis
- tls: Added curve X25519
- tls: Added ChaCha20-Poly1305 cipher suites
- tls: Renamed muststaple to must_staple
- tls: Setting max_certs obtains certs during handshakes for all hostnames
- Dozens of miscellaneous bug fixes and improvements
- New website
- New build infrastructure
- New deployment system


0.9.5 (January 24, 2017)
- New -validate flag to only check a Caddyfile, then exit
- New {when_iso} placeholder for timestamp ISO 8601 in UTC
- New {rewrite_path} and {rewrite_path_escaped} placeholders
- New 'timeouts' directive to configure or disable HTTP timeouts
- HTTP-level timeouts enabled by default
- basicauth: Authorization header stripped upon successful login
- browse: Added textbox to filter listing in default template
- browse: Sanitize file names and links in default template
- browse: Ensure active Caddyfile is hidden regardless of cwd
- fastcgi: New 'root' property, mainly for use with containers
- markdown: Apply some front matter fields as <meta> tags
- proxy: Fixed HTTP/2 upstream to backend; honors -http CLI flag
- proxy: Fixed websockets over HTTPS
- proxy: Reduced memory usage and improved performance
- proxy: Added support for HTTP trailers
- tls: Fixed deadlock that affected some background renewals
- Several other smaller bugs squashed and improvements made


0.9.4 (December 21, 2016)
- Updated QUIC
- New maxrequestbody directive to limit size of request body
- New {latency_ms} placeholder for latency always in ms
- Serve statically compressed .gz and .br files
- fastcgi: Support for multiple backends with basic load balancing
- proxy: Fixed handling of encoded 'without' paths
- proxy: Preserve trailing slash if present in request
- proxy: Fix HTTP/2 upstreams
- templates: New .Files action to list files in a directory
- templates: .Include can now pass arguments to included file
- tls: Added ability to customize preferred curves
- tls: Added support for Must-Staple on managed certificates
- tls: Fixed subtle edge case bug with TLS-SNI challenge
- Lots of minor fixes and improvements


0.9.3 (September 28, 2016)
- Updated QUIC to newer version
- import: Glob pattern matching 0 files is no longer an error
- fastcgi: Fixed persistent connections (disabled by default)
- fastcgi: Configurable connection pool size parameter
- proxy: Improved failover load balancing logic
- proxy: Avoids duplicating header fields that would be confusing
- proxy: New try_duration and try_interval parameters
- proxy: Fix for IP hash policy when downed hosts come back up
- Several other bug fixes and new tests


0.9.2 (September 20, 2016)
- New -catimeout option to customize ACME CA HTTP timeout
- import: Fix nested import absolute/relative paths
- log: Fix multiple log outputs
- proxy: Fix for keepalive in certain cases
- tls: Fix for PreferServerCipherSuites
- Numerous other bug fixes and internal improvements


0.9.1 (August 17, 2016)
- New {request_body} placeholder to log request body
- {remote} placeholder no longer uses X-Forwarded-For header
- {latency} placeholder rounds to nice looking number
- Add support for ratelimit plugin
- basicauth: Declaring realm named "Restricted"
- errors: Define catch-all/default error page with * character
- header: More control to add, set, or remove headers
- proxy: New keepalive setting to help accommodate busy servers
- proxy: New load balancing policy ip_hash
- proxy: Fixed WebSocket connections
- proxy: Fixed broken header logic
- proxy: Reuse existing connection for Upgrade requests
- proxy: Support for basic auth from header or upstream address
- templates: New .Env action to access environment variables
- tls: OCSP staples persisted to disk
- tls: ACME challenges honor bind directive
- tls: Fix default protocol version (minimum TLS 1.1)
- tls: Consume challenge requests only for names Caddy is solving for
- tls: The protocol syntax allows just one value if desired
- tls: Scoped max_certs limit to site instead of global maximum
- Many other bug fixes and minor enhancements


0.9 (July 18, 2016)
- New core
- New experimental QUIC support with -quic flag (HTTPS only)
- New -type option to specify other server types
- Moved ~/.caddy/letsencrypt to ~/.caddy/acme and reorganized assets
- Moved caddy package to top level folder, and pushed main to subfolder
- New {request} placeholder to dump entire request (without body)
- New {hostonly} placeholder for only hostname portion of host value
- Site addresses can have paths
- Site addresses can make some use of wildcards in domains
- Renamed -directives flag to -plugins
- Restarting no longer requires spawning a new process
- Removed -restart option
- fastcgi: Env variables now support placeholders
- import: Import paths now relative to Caddyfile, not current working dir
- markdown: Overhauled; removed site generation features
- proxy: More control of headers; deprecating proxy_header subdirective
- proxy: Specify multiple upstreams with optional port ranges
- proxy: New preset 'transparent' to simplify common pass-thru headers
- proxy: Chooses longest matching path; order declared is irrelevant
- redir: Added if and if_op subdirectives to make conditional redirects
- rewrite: Support for if_op to change how conditions are evaluated
- tls: Generate self-signed certificates in memory
- tls: Support for ACME DNS challenge with 10 providers
- tls: Support for TLS-SNI challenge during restarts
- Various bug fixes and enhancements


0.8.3 (April 26, 2016)
- Built with Go 1.6.2
- New pprof middleware for exposing process profiling endpoints
- New expvar middleware for exposing memory/GC performance
- New -restart option to force in-process restarts on Unix systems
- Only fail to start if managed certificate is expired (issue #642)
- Toggle case-sensitive path matching with environment variable
- File server now adds ETag header for static files
- browse: Replace .LinkedPath action with .BreadcrumbMap
- fastcgi: New except clause to exclude paths
- proxy: New max_conns setting to limit max connections per upstream
- proxy: New replaceable value for name of upstream host
- templates: New utility actions for dealing with strings
- tls: Customize certificate key with key_type (+ECC)
- tls: Session ticket keys are now rotated
- Many other minor internal improvements and bug fixes


0.8.2 (February 25, 2016)
- On-demand TLS can obtain certificates during handshakes
- Built with Go 1.6
- Process log (-log) is rotated when it gets large
- Managed certificates get renewed 30 days early instead of just 14
- fastcgi: Allow scheme prefix before address
- markdown: Support for definition lists
- proxy: Allow proxy to insecure HTTPS backends
- proxy: Support proxy to unix socket
- rewrite: Status code can be 2xx or 4xx
- templates: New .Markdown action to interpret included file as Markdown
- templates: .Truncate now truncates from end of string when length is negative
- tls: Set hard limit for certificates obtained with on-demand TLS
- tls: Load certificates from directory
- tls: Add SHA384 cipher suites
- Multiple bug fixes and internal changes


0.8.1 (January 12, 2016)
- Improved OCSP stapling
- Better graceful reload when new hosts need certificates from Let's Encrypt
- Current pidfile is now deleted when Caddy exits
- browse: New default template
- gzip: Added min_length setting
- import: Support for glob patterns (*) to import multiple files
- rewrite: New complex rules with conditions, regex captures, and status code
- tls: Removed DES ciphers from default cipher suite list
- tls: All supported certificates are OCSP-stapled
- tls: Allow custom configuration without specifying certificate and key
- tls: No longer allow HTTPS over port 80
- Dozens of bug fixes, improvements, and more tests across the board


0.8 (December 4, 2015)
- HTTPS by default via Let's Encrypt (certs & keys are fully managed)
- Graceful restarts (on POSIX-compliant systems)
- Major internal refactoring to allow use of Caddy as library
- New directive 'mime' to customize Content-Type based on file extension
- New -accept flag to accept Let's Encrypt SA without prompt
- New -email flag to customize default email used for ACME transactions
- New -ca flag to customize ACME CA server URL
- New -revoke flag to revoke a certificate
- New -log flag to enable process log
- New -pidfile flag to enable writing pidfile
- New -grace flag to customize the graceful shutdown timeout
- New support for SIGHUP, SIGTERM, and SIGQUIT signals
- browse: Render filenames with multiple whitespace properly
- core: Use environment variables in Caddyfile
- markdown: Include Last-Modified header in response
- markdown: Render tables, strikethrough, and fenced code blocks
- proxy: Ability to exclude/ignore paths from proxying
- startup, shutdown: Better Windows support
- templates: Bug fix for .Host when port is absent
- templates: Include Last-Modified header in response
- templates: Support for custom delimiters
- tls: For non-local hosts, default port is now 443 unless specified
- tls: Force-disable HTTPS
- tls: Specify Let's Encrypt email address
- Many, many more tests and numerous bug fixes and improvements


0.7.6 (September 28, 2015)
- Pass in simple Caddyfile as command line arguments
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing
- core: Caddyfile as command line argument
- errors: Can write full stack trace to HTTP response for debugging
- errors, log: Roll log files after certain size or age
- proxy: Fix for 32-bit architectures
- rewrite: Better compatibility with fastcgi and PHP apps
- templates: Added .StripExt and .StripHTML methods
- Internal improvements and minor bug fixes


0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure
- log: Output to system log (except Windows)
- markdown: Added dev command to disable caching during development
- markdown: Fixed error reporting during initial site generation
- markdown: Fixed crash if path does not exist when server starts
- markdown: Fixed site generation and link indexing when files change
- templates: Added .NowDate for use in date-related functions
- Several bug fixes related to startup and shutdown functions


0.7.4 (July 30, 2015)
- browse: Sorting preference persisted in cookie
- browse: Added index.txt and default.txt to list of default files
- browse: Template files may now use Caddy template actions
- markdown: Template files may now use Caddy template actions
- markdown: Several bug fixes, especially for large and empty Markdown files
- markdown: Generate index pages to link to markdown pages (sitegen only)
- markdown: Flatten structure of front matter, changed template variables
- redir: Can use variables (placeholders) like log formats can
- redir: Catch-all redirects no longer preserve path; use {uri} instead
- redir: Syntax supports redirect tables by opening a block
- templates: Renamed .Date to .Now and added .Truncate, .Replace actions
- Other minor internal improvements and more tests


0.7.3 (July 15, 2015)
- errors: Error log now shows timestamp with each entry
- gzip: Fixed; Default filtering is by extension; removed MIME type filter
- import: Fixed; works inside and outside server blocks
- redir: Query string preserved on catch-all redirects
- templates: Proper 403 or 404 errors for restricted or missing files


0.7.2 (July 1, 2015)
- Custom builds through caddyserver.com - extend Caddy by writing addons
- browse: Sort by clicking column heading or using query string
- core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
- errors: Missing error page during parse time is warning, not error
- ext: Extension only appended if request path does not end in /
- fastcgi: Fix for backend responding without status text
- fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
- git: Removed from core (available as add-on)
- gzip: Enable by file path and/or extension
- gzip: Customize compression level
- log: Fix for missing status in log entry when error unhandled
- proxy: Strip prefix from path for proxy to path
- redir: Meta tag redirects
- templates: Support for nested includes
- Internal improvements and more tests


0.7.1 (June 2, 2015)
- basicauth: Patched timing vulnerability
- proxy: Support for WebSocket backends
- tls: Client authentication


0.7 (May 25, 2015)
- New directive 'internal' to protect resources with X-Accel-Redirect
- New -version flag to show program name and version
- core: Fixed escaped backslash characters inside quoted strings
- core: Fixed parsing Caddyfile for IPv6 addresses missing ports
- core: A notice is shown when non-local address resolves to loopback interface
- core: Warns if file descriptor limit is too low for production site (Mac/Linux)
- fastcgi: Support for Unix sockets
- git: Fixed issue that prevented pulling at designated interval
- header: Remove a header field by prefixing field name with "-"
- markdown: Simple static site generation
- markdown: Support for metadata ("front matter") at beginning of files
- rewrite: Experimental support for regular expressions
- tls: Customize cipher suites and protocols
- tls: Removed RC4 ciphers
- Other internal improvements that are not user-facing (more tests, etc.)


0.6 (May 7, 2015)
- New directive 'git' to automatically pull changes
- New directive 'bind' to override host server binds to
- New -root flag to specify root path to default site
- Ability to receive config data piped through stdin
- core: Warning if root directory doesn't exist at startup
- core: Entire process dies if any server fails to start
- gzip: Fixed Content-Length value when proxying requests
- errors: Error log now includes file and line number of panics
- fastcgi: Pass custom environment variables
- fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
- fastcgi: Fixed SERVER_SOFTWARE variables
- markdown: Support for index files when URL points to a directory
- proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
- proxy: Add custom headers
- startup/shutdown: Run command in background with '&' at end
- templates: Added .tpl and .tmpl as default extensions
- templates: Support for index files when URL points to a directory
- templates: Changed .RemoteAddr to .IP and stripped out remote port
- tls: TLS disabled (with warning) for servers that are explicitly http://
- websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
- Many internal improvements


0.5.1 (April 30, 2015)
- Default host is now 0.0.0.0 (wildcard)
- New -host and -port flags to override default host and port
- core: Support for binding to 0.0.0.0
- core: Graceful error handling during heavy load; proper error responses
- errors: Fixed file path handling
- errors: Fixed panic due to nil log file
- fastcgi: Support for index files
- fastcgi: Fix for handling errors that come from responder


0.5 (April 28, 2015)
- Initial release