caddyserver/caddy v2.11.0-beta.1

on GitHub

Welcome to the beta version of 2.11. This is the first release made by our new, automated release process developed by @mohammed90 that was carried out and approved entirely by our maintainer team (together with @francislavoie) without intervention from @mholt, the original Caddy author. This represents a significant step forward in project autonomy and growth, ensuring that the project's stability and longevity is not reliant upon a single person.

This first beta release was primarily to test our new workflow, so there's still a couple things left to do before the stable release.

Featured here are numerous, mostly minor, bug fixes and enhancements, mostly affecting edge cases or niche corners of the software; for example, proxying H2C or HTTP/3, obscure Caddyfile scenarios, and named socket activation.

Some notable changes:

• SIGUSR1 can be used to reload configuration only if it was loaded from a file using the CLI, and not changed by the API since then.
• We replaced "lumberjack", our logging library, with a fork "timberjack" that supports the oft-requested time-rolling ability.
• Caddy can now bind listeners with named socket activation.

Before the final release, we expect ECH key rotation to be enabled as well as a few other patches/features

Thank you to our sponsors and contributors for all that you do!

Changelog

• 5473eb9 encode: fix response corruption when handle_errors is used (#7235)
• 13a4ec7 basicauth: Implement argon2id (#7186)
• 6d90c77 build(deps): bump github.com/slackhq/nebula from 1.9.5 to 1.9.7 (#7315)
• eead249 build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#7355)
• 2d0f3f8 build(deps): bump the actions-deps group with 5 updates (#7237)
• afbdcec build(deps): bump the actions-deps group with 8 updates (#7284)
• cd1c203 build(deps): bump the all-updates group across 1 directory with 2 updates (#7307)
• 39357d3 build(deps): bump the all-updates group with 17 updates (#7236)
• 786d537 build(deps): bump the all-updates group with 3 updates (#7376)
• 07d2aaf build(deps): bump the all-updates group with 4 updates (#7333)
• 0ba8786 caddyfile: Allow block to do nothing if nothing passed to import (#7206)
• 92c8bc7 caddyfile: fix nested quotes formatted incorrectly by fmt (#7045)
• 6d73d85 caddyfile: prevent adding trailing space on line before env variable (#7215)
• d7185fd caddyhttp: Add trusted_proxies_unix for trusting unix socket X-Forwarded-* headers (#7265)
• de6b780 caddyhttp: Add server options keepalive_idle and keepalive_count (#7298)
• e0a8f95 caddyhttp: Normalize (lowercase) {label.N} placeholders
• 5e29536 caddyhttp: add replacer placeholders for escaped values (#7181)
• 8285eba caddyhttp: allow customizing the Server header (#7338)
• bc0e184 caddyhttp: omit unnecessary reassignment (#7276)
• 3553cfb caddyhttp: remove redundant middleware next copy (#7217)
• 1ce2a13 caddyhttp: wrap accepted connection to suppress tls.ConnectionState (#7247)
• d9cc24f caddypki: Disable internal auto-CA when auto_https is disabled (fix #7211) (#7238)
• 1e82f96 caddypki: check intermediate lifetime to actual root cert lifetime (#7272)
• 38848f7 caddytls: Allow disabling distributed solving (except http-01)
• ddec183 caddytls: correct documentation of LeafFolderLoader (#7327)
• f5c3094 cmd: prevent commas in header values from being split (#7268)
• 65e0ddc core: Reloading with SIGUSR1 if config never changed via admin (#7258)
• b3f2db2 core: custom slog handlers for modules (log contextual data) (#7346)
• b2ab419 core: use reflect.TypeFor to check for encoding/json.RawMessage (#7274)
• 806fef8 encode: add graphql-response header to list (#7214)
• 2cb4267 encode: modernize, replace HasSuffix+TrimSuffix with CutSuffix (#7357)
• b462615 fileserver: set Content-Length for precompressed files (#7251)
• 0c8798f go.mod: update quic-go to v0.54.1 (#7273)
• 3c003de httpcaddyfile: Add missing DNS challenge check for acme_dns (#7270)
• 2f1d270 httpcaddyfile: Map default_bind to BindHost in globalACMEDefaults (#7278)
• a7885aa intercept: use already buffered response if possible when intercepting (#7028)
• 156ce99 listeners: Add support for named socket activation (#7243)
• 39ace45 logging: Adjustments to BufferedLog to keep logs in the correct order (#7257)
• 012b4b3 logging: Buffer the logs before config is loaded (#7245)
• 10ac7da logging: Switch from lumberjack to timberjack, add time-rolling options (#7244)
• f5f25d8 logging: fix multiple regexp filters on same field (fixes #7049) (#7061)
• 595aab8 metrics: resolve per-host inifinite cardinality (#7306)
• 57587ed refactor: use reflect.TypeFor (#7313)
• 2ec28bc reverse_proxy: use http1 for outbound tls requests with placeholder that are likely websockets (#7296)
• a6da1ac reverse_proxy: use interfaces to modify the behaviors of the transports (#7353)
• 67a9e06 reverseproxy: Fix retries for requests with bodies (#7360)
• 7fb39ec reverseproxy: Use http1.1 upgrade for websocket for extended connect of http2 and http3 (#7305)
• 8aca108 reverseproxy: do not disable keepalive if proxy protocol is used (#7300)
• abe0aca reverseproxy: set default values for keepalive if only some of them are set (#7318)
• 1e21b66 reverseproxy: use http.Protocols to handle h2c requests (#6990)
• b54e870 tracing: switch to autoexport for OpenTelemetry span exporter (#7317)

What's Changed

• caddyhttp: add replacer placeholders for escaped values by @Qusic in #7181
• AI assistance disclosure by @mholt in #7212
• caddyfile: Prevent trailing space on line before env variable - Fixes #6881 by @arpansaha13 in #7215
• add: encode header Content-Type graphql-response by @aro-lew in #7214
• caddyhttp: Removing redundant middleware next copy by @maxcelant in #7217
• build(deps): bump the all-updates group with 17 updates by @dependabot[bot] in #7236
• build(deps): bump the actions-deps group with 5 updates by @dependabot[bot] in #7237
• encode: fix response corruption when handle_errors is used by @Siomachkin in #7235
• Fix PKI creation when auto_https is disabled (#7211) by @Siomachkin in #7238
• logging: Buffer the logs before config is loaded by @francislavoie in #7245
• fileserver: set Content-Length for precompressed files by @WeidiDeng in #7251
• refactor: use WaitGroup.Go to simplify code by @mickychang9 in #7253
• caddyfile: Allow block to do nothing if nothing passed to import by @BeeJay28 in #7206
• logging: Adjustments to BufferedLog to keep logs in the correct order by @francislavoie in #7257
• caddyhttp: Prevent commas in header values from being split in CLI commands by @gilbsgilbs in #7268
• update quic-go to v0.54.1 by @marten-seemann in #7273
• chore: ugh, lint fix... by @mohammed90 in #7275
• caddypki: check intermediate lifetime to actual root cert lifetime by @u5surf in #7272
• refactor: omit unnecessary reassignment by @asttool in #7276
• core: use reflect.TypeFor to check for encoding/json.RawMessage by @WeidiDeng in #7274
• core: Reloading with SIGUSR1 if config never changed via admin by @francislavoie in #7258
• build(deps): bump the actions-deps group with 8 updates by @dependabot[bot] in #7284
• httpcaddyfile: Add missing DNS challenge check for acme_dns by @rightaditya in #7270
• httpcaddyfile: Map default_bind to BindHost in globalACMEDefaults by @Monviech in #7278
• Argon2id Support for Basic Auth by @GreyXor in #7186
• update quic-go to v0.55.0 by @marten-seemann in #7288
• reverse_proxy: use http1 for outbound tls requests with placeholder t… by @WeidiDeng in #7296
• caddyhttp: Add server options keepalive_idle and keepalive_count by @joshuamcbeth in #7298
• chore: fix some comments by @wyrapeseed in #7303
• logging: Switch from lumberjack to timberjack, add time-rolling options by @aeris in #7244
• reverseproxy: Use http1.1 upgrade for websocket for extended connect of http2 and http3. by @tonyb486 in #7305
• caddyhttp: Add trusted_proxies_unix for trusting unix socket X-Forwarded-* headers by @cseufert in #7265
• caddyhttp: wrap accepted connection to suppress tls.ConnectionState by @WeidiDeng in #7247
• logging: fix multiple regexp filters on same field (fixes #7049) by @s2010 in #7061
• intercept: use already buffered response if possible when intercepting by @WeidiDeng in #7028
• listeners: Add support for named socket activation by @Siomachkin in #7243
• reverseproxy: do not disable keepalive if proxy protocol is used by @WeidiDeng in #7300
• metrics: resolve per-host inifinite cardinality by @mohammed90 in #7306
• reverseproxy: use http.Protocols to handle h2c requests by @WeidiDeng in #6990
• refactor: use reflect.TypeFor by @wyrapeseed in #7313
• build(deps): bump the all-updates group across 1 directory with 2 updates by @dependabot[bot] in #7307
• build(deps): bump github.com/slackhq/nebula from 1.9.5 to 1.9.7 by @dependabot[bot] in #7315
• feat: switch to autoexport for OpenTelemetry span exporter by @PKeidel in #7317
• reverse_proxy: set default values for keepalive if only some of them are set by @WeidiDeng in #7318
• fix quote within quotes formatted incorrectly by fmt by @keystroke3 in #7045
• caddytls: correct documentation of LeafFolderLoader by @mohammed90 in #7327
• fix golangci-lint error G602 in caddyhttp by @cdenicola in #7334
• feat: allow customizing the Server header by @dunglas in #7338
• update quic-go to v0.56.0, enable qlog for HTTP/3 by @marten-seemann in #7345
• build(deps): bump the all-updates group with 4 updates by @dependabot[bot] in #7333
• feat: custom slog handlers for modules (log contextual data) by @dunglas in #7346
• ci: implement new release flow by @mohammed90 in #7341
• reverse_proxy: use interfaces to modify the behaviors of the transports by @WeidiDeng in #7353
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #7355
• update quic-go to v0.57.0 by @marten-seemann in #7359
• refactor: replace HasSuffix+TrimSuffix with CutSuffix by @ledigang in #7357
• Fix retries for requests with bodies by @chebyrash in #7360
• build(deps): bump the all-updates group with 3 updates by @dependabot[bot] in #7376
• ci: escape backticks in changelogs embedded in JS by @mohammed90 in #7382

New Contributors

• @Qusic made their first contribution in #7181
• @arpansaha13 made their first contribution in #7215
• @aro-lew made their first contribution in #7214
• @maxcelant made their first contribution in #7217
• @Siomachkin made their first contribution in #7235
• @mickychang9 made their first contribution in #7253
• @asttool made their first contribution in #7276
• @rightaditya made their first contribution in #7270
• @Monviech made their first contribution in #7278
• @wyrapeseed made their first contribution in #7303
• @aeris made their first contribution in #7244
• @tonyb486 made their first contribution in #7305
• @cseufert made their first contribution in #7265
• @s2010 made their first contribution in #7061
• @PKeidel made their first contribution in #7317
• @cdenicola made their first contribution in #7334
• @ledigang made their first contribution in #7357
• @chebyrash made their first contribution in #7360

Full Changelog: v2.10.2...v2.11.0-beta.1