github bunkerity/bunkerweb v1.6.7

one day ago

Documentation : https://docs.bunkerweb.io/1.6.7/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.6.7 or ghcr.io/bunkerity/bunkerweb:1.6.7
  • Scheduler : bunkerity/bunkerweb-scheduler:1.6.7 or ghcr.io/bunkerity/bunkerweb-scheduler:1.6.7
  • Autoconf : bunkerity/bunkerweb-autoconf:1.6.7 or ghcr.io/bunkerity/bunkerweb-autoconf:1.6.7
  • UI : bunkerity/bunkerweb-ui:1.6.7 or ghcr.io/bunkerity/bunkerweb-ui:1.6.7

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.7&filter=all&dist=

Changelog :

  • [FEATURE] Enhance SSL/TLS negotiation by implementing dynamic ECDH curve resolution, enabling more flexible and secure key exchange configurations in preparation for post-quantum cryptography (X25519MLKEM768) with OpenSSL 3.5+
  • [FEATURE] Implement automatic LRU cache eviction in the metrics module to prevent memory exhaustion by purging least-recently-used elements when capacity is reached
  • [FEATURE] Optimize Redis connection handling by reusing pooled connections in Lua timers for improved performance and reduced overhead
  • [FEATURE] Refactor logging setup across multiple modules to be able to send logs to a syslog server and have multiple handlers at the same time
  • [FEATURE] Allow configuration of whether Base64 decoding should be applied to DNS credentials via the new LETS_ENCRYPT_DNS_CREDENTIAL_DECODE_BASE64 setting in the Let's Encrypt plugin (default is yes)
  • [FEATURE] Add new ACCESS_LOG and ERROR_LOG settings to configure access and error log destinations for BunkerWeb's instance
  • [FEATURE] Refactor Auth Basic plugin so Lua now hashes credentials with salted scrypt (CSPRNG-only) and verifies them in constant time.
  • [FEATURE] Updated Bad Behavior plugin to automatically apply bans made by the default server globally across all services, enhancing security by ensuring that IPs exhibiting bad behavior are consistently blocked.
  • [FEATURE] Add the possibility to have draft custom configurations that are not applied to the service until they are explicitly published. Draft custom configurations are indicated in the web UI and can be toggled between draft and online status.
  • [FEATURE] Add new SSL_SESSION_CACHE_SIZE setting to the SSL plugin to allow configuration of the size of the SSL session cache (e.g., 10m, 512k). Setting it to off or none disables session caching (default is 10m).
  • [FEATURE] Enhance the Antibot plugin to better handle redirection back to the original request path after a successful challenge by checking the Referer header, ensuring users are redirected to meaningful content rather than static files or other unintended destinations
  • [FEATURE] Add the possibility to tweak custom configurations created from the web UI or API manually
  • [FEATURE] Allow customizing plugin execution order via new PLUGINS_ORDER_* settings (space-separated plugin IDs; multisite-aware per phase)
  • [BUGFIX] Fix wrong ModSecurity reason data under heavy load
  • [BUGFIX] Fix wrong certificate name checks in Let's Encrypt
  • [BUGFIX] Fix issues with Let's Encrypt's HTTP challenge on Linux HA integrations
  • [BUGFIX] Fix issues with the Ingress controller regarding reverse proxy settings when using multiple paths per rule and a template by adjusting the indexing logic to be configurable via the new KUBERNETES_REVERSE_PROXY_SUFFIX_START setting (default is 1 to keep backward compatibility)
  • [BUGFIX] Escape percentage signs in DATABASE_URI for Alembic when using the SQLAlchemy URL configuration to prevent formatting errors during migrations
  • [BUGFIX] Fix issues with Autoconf controllers persisting old instances after they have been deleted from the orchestrator.
  • [UI] Restrict flash messages containing sensitive information to authenticated users only
  • [UI] Enhance breadcrumb navigation and filtering on custom configuration pages for improved user experience
  • [UI] Enhance service configuration handling during edits and renames to ensure consistency and prevent data loss
  • [UI] Enhance session management with Redis support and configurable session lifetime
  • [UI] Renamed "Global Configuration" to "Global Settings" in the web UI for clarity
  • [UI] Address CSRF token issues in the web UI when not connecting through BunkerWeb
  • [UI] Add the possibility to provide a certificate and a key so that the web UI can be served over HTTPS (without requiring a reverse proxy)
  • [UI] Fix occasional flash of the light mode on the loading page when using dark mode
  • [API] Refactor rate limiting to be more user-friendly and configurable via settings
  • [ALL-IN-ONE] Update CrowdSec version to 1.7.4
  • [LINUX] Support Fedora 43
  • [LINUX] Updated NGINX version to v1.28.1 for Fedora 42 and 43 integration
  • [LINUX] Update version retrieval for RPM packaging to ensure correct sorting for release candidates
  • [LINUX] Drop support for Fedora 41
  • [DEPS] Updated NGINX version to v1.28.1 for all integrations
  • [DEPS] Updated ModSecurity nginx connector version to 1.0.4
  • [DEPS] Updated luajit2 version to v2.1-20251229
  • [DEPS] Update lua-resty-session version to v4.1.5
  • [DEPS] Update coreruleset-v4 version to v4.21.0
  • [DEPS] Updated zlib version to v1.3.1.2
  • [DOCS] Add Easy Resolve PRO plugin video tutorial link to the documentation
  • [DOCS] Add documentation about the new logging settings and how to configure them
  • [DOCS] Update database compatibility matrix
  • [DOCS] Refactor API documentation to include new API features and improve clarity
  • [DOCS] Add documentation about the new "Custom Pages" PRO plugin
  • [DOCS] Refactor web UI documentation to improve clarity
