This release contains bug fixes and minor enhancements, including one patch with potential security implications related to path matching.
Notable patches:
- Path matchers unescape/clean URI paths to normalize match space
- Fix regex matching in
maphandler
Notable enhancements:
try_filescan now accept=nnn(e.g.=404) to yield a status code instead of a file.- Template actions
httpError(stop eval and return HTTP error) andimport(likeincludebut changes template context) were added - New placeholder
{http.request.tls.client.certificate_der_base64}
Changelog
749e55c caddycmd: Add --keep-backup to upgrade commands (#4387)
062657d caddycmd: Add --skip-standard to list-modules command, quieter output (#4386)
be5f77e caddycmd: fix caddy validate/fmt help message (#4377)
907e2d8 caddyhttp: Add support for triggering errors from try_files (#4346)
cbb045a caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
e7457b4 caddyhttp: Sanitize the path before evaluating path matchers (#4407)
837cdc5 caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
24fda75 caddytls: Mark storage clean timestamp at end of routine (#4401)
a779e1b fastcgi: Fix Caddyfile parsing when handle_response is used (#4342)
3f2c3ec fastcgi: Implement try_files override in Caddyfile directive (#4347)
64f8b55 fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
d3a0259 fileserver: Fix displayed file size if it is symlink (#4354)
0a5f7a6 fileserver: Make file listing links purple once visited (#4356)
a21d5a0 fileserver: Prevent focusing filter from scrolling on page load (#4393)
33c70f4 fileserver: properly handle escaped/non-ascii paths (#4332)
c4790d7 go.mod: Carefully upgrade some dependencies (fix #4251)
997e41d go.mod: Replace promptui with Apache-compatible fork (fix #4394)
f376a38 go.mod: Update ACMEz and CertMagic
a437206 headers: Canonicalize case in replace (fix #4330)
012d235 httpcaddyfile: Empty tls policy for internal http localhost (#4398)
0ffb222 httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
a2119c0 map: Fix 95c0350 (avoid repeated expansions)
95c0350 map: Fix regex mappings
3336faf reverseproxy: Log error at error level (fix #4360)
b092061 reverseproxy: Prevent copying the response if a response handler ran (#4388)
f73f55d reverseproxy: Sanitize scheme and host on incoming requests (#4237)
5fda961 templates: Add 'import' action (#4321)
16f7521 templates: Add tests for funcInclude and funcImport (#4357)
2392478 templates: Propagate httpError to HTTP response