github pberkel/caddy-storage-redis v1.7.0

latest releases: v1.8.0, v1.7.1
one month ago

Security fixes

  • TLS certificate verification is now enabled by default. Prior to this release tls_insecure defaulted to true, meaning TLS connections to Redis did not verify the server certificate. The default is now false. Users who require TLS without a verifiable certificate must explicitly set tls_insecure true in their configuration.
  • key_prefix is now validated and normalised. Leading and trailing / characters are stripped, and prefixes containing empty segments or path traversal segments (. or ..) are rejected at startup.
  • Encryption key is no longer included in startup error messages. Previously, a too-short encryption_key value was echoed in the error message.
  • Decompression bomb protection. Decompression is now limited to 4 MiB. Values that decompress beyond this limit are rejected with an error.
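
A bounded-decompression check of the kind the last fix describes, as an added example that is not the plugin's own code. It assumes DEFLATE via Go's compress/flate, since these notes do not name the codec; boundedDecompress, compress and errTooLarge are hypothetical names.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// maxDecompressedSize mirrors the 4 MiB limit stated in the release notes.
const maxDecompressedSize = 4 << 20

var errTooLarge = errors.New("decompressed value exceeds 4 MiB limit")

// compress builds constructed sample input (assumed codec: DEFLATE).
func compress(data []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// boundedDecompress inflates a stored value but never buffers more than
// maxDecompressedSize+1 bytes, however large the stream claims to be.
func boundedDecompress(in []byte) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(in))
	defer r.Close()
	// Read one byte past the limit so a value of exactly 4 MiB is accepted
	// while anything larger is detected instead of silently truncated.
	out, err := io.ReadAll(io.LimitReader(r, maxDecompressedSize+1))
	if err != nil {
		return nil, err
	}
	if len(out) > maxDecompressedSize {
		return nil, errTooLarge
	}
	return out, nil
}

func main() {
	small := compress(bytes.Repeat([]byte("cert"), 1024)) // constructed: 4 KiB
	bomb := compress(make([]byte, 64<<20))                // constructed: 64 MiB of zeros
	out, err := boundedDecompress(small)
	fmt.Println(len(out), err)
	_, err = boundedDecompress(bomb)
	fmt.Println(len(bomb), "compressed bytes ->", err)
}
```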

Improvements

  • Updated go-redis from v9.17.2 to v9.18.0.
  • Added miniredis/v2 as a test dependency to enable unit tests without a live Redis instance.
  • Added a GitHub Actions workflow that runs unit tests on pull requests.
  • Expanded test coverage for configuration validation, encryption, and compression edge cases.
