github bunkerity/bunkerweb v1.6.10-rc5
on GitHub

pre-release5 hours ago

Documentation : https://docs.bunkerweb.io/1.6.10~rc5/

Docker tags :

  • All-in-one : bunkerity/bunkerweb-all-in-one:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-all-in-one:1.6.10-rc5
  • BunkerWeb : bunkerity/bunkerweb:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb:1.6.10-rc5
  • Scheduler : bunkerity/bunkerweb-scheduler:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-scheduler:1.6.10-rc5
  • Autoconf : bunkerity/bunkerweb-autoconf:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-autoconf:1.6.10-rc5
  • UI : bunkerity/bunkerweb-ui:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-ui:1.6.10-rc5
  • API : bunkerity/bunkerweb-api:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-api:1.6.10-rc5

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.10~rc5&filter=all&dist=

Changelog :

  • [BUGFIX] modsecurity/ui/antibot: stop USE_MODSECURITY_GLOBAL_CRS=yes from 403'ing UI POSTs and antibot challenges. Move UI exclusions to phase 1 (so phase-1 CRS rules like 920440 can be disabled), tolerate uppercase hostnames and :port in the Host chain regex, re.escape() hostnames in antibot.modsec-crs, and emit modsecurity off; on default-server UI proxy locations. Other defenses (limit, badbehavior, crowdsec, allowlists) still run. (Fixes #3118)
  • [BUGFIX] database: back-fill bw_settings defaults from settings.json at read time when the catalogue row is missing or has a NULL/empty default, so directives like client_body_timeout no longer render empty after a desynced upgrade. Logs one WARNING per affected setting. (Fixes #3450)
  • [BUGFIX] errors: revert the rc4 return 444; short-circuit on @bwerror* handlers. The deny path already exits via ngx.exit(get_deny_status()), so the gate only broke real 4xx/5xx rendering. Use INTERCEPTED_ERROR_CODES="" or ERRORS= for stealth. (Fixes #3490, reverts #3448)
  • [UI] Reports and Bans pages: CSV/Excel exports now include every column and honor the active search and SearchPanes filters. (Fixes #3489)
  • [UI] Service edit page: restore non-UI-method settings and template defaults on advanced/raw save so omitted keys can't roll a service back to defaults; raw-mode draft toggle and the IS_DRAFT= line stay in sync both ways.
  • [LINUX] Support Fedora 44.
  • [DEPS] Updated NGINX version to v1.30.0 for all integrations.
  • [DEPS] Updated Modsecurity version to v3.0.15.
  • [DEPS] Updated Mbed TLS version to v4.1.0.
  • [DEPS] Updated libinjection version to v4.0.0.
  • [DEPS] Update coreruleset-v4 version to v4.26.0.
Check out latest releases or
releases around bunkerity/bunkerweb v1.6.10-rc5

Don't miss a new bunkerweb release

NewReleases is sending notifications on new releases.

Get notifications