github yusing/godoxy v0.26.0

8 hours ago

Breaking Changes

ACTION REQUIRED: Review this section before upgrading

  • Core/OIDC: Restricted OIDC middleware to GET requests 95ac659

    • Previous behavior: OIDC middleware attempted to handle redirects for all HTTP methods.
    • New behavior: Only GET requests are processed. Non-GET and WebSocket requests are blocked with a 403 Forbidden response to prevent API clients from receiving unexpected HTML redirects.
    • What to do: If you have API clients making POST/PUT requests to OIDC-protected routes, add explicit bypass rules or ensure they handle authentication out-of-band.
  • WebUI: Migration to TanStack Start & Vite yusing/godoxy-webui@917af31

    • Previous behavior: Frontend was built using Next.js.

    • New behavior: Frontend now uses TanStack Start, Vite, and Nitro.

    • What to do: Update the tmpfs section of your compose.yml:

      tmpfs:
        - /tmp:rw
        - /app/node_modules/.cache:rw

Security

  • Severity: Medium
  • Core/Auth: Mitigated timing attack vulnerability in password validation f92e968
  • Impact: Attackers could potentially enumerate valid usernames by measuring response times. This affects only the username/password (default) authentication method, not OIDC.
  • Fix: The system now always performs a bcrypt comparison regardless of whether the username exists.
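
The pattern behind this fix, as an added Go example (not GoDoxy's own code): a login check that returns early for unknown usernames next to one that always does the expensive comparison. The iterated SHA-256 slowHash is a standard-library stand-in for bcrypt, and the user store, function names and call counter are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

var calls int                                                   // slowHash invocations
var users = map[string][]byte{"admin": slowHash("correct horse")} // constructed store
var dummyHash = slowHash("placeholder, never a valid login")      // for unknown users

// slowHash is a stdlib stand-in for bcrypt (assumption; unsalted, demo only).
func slowHash(pw string) []byte {
	calls++
	sum := sha256.Sum256([]byte(pw))
	for i := 0; i < 50000; i++ {
		sum = sha256.Sum256(sum[:])
	}
	return sum[:]
}

// checkLeaky skips the hash for unknown users, so response time reveals usernames.
func checkLeaky(user, pass string) bool {
	stored, ok := users[user]
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare(slowHash(pass), stored) == 1
}

// checkUniform always hashes and compares; the match counts only if the user exists.
func checkUniform(user, pass string) bool {
	stored, ok := users[user]
	if !ok {
		stored = dummyHash
	}
	return subtle.ConstantTimeCompare(slowHash(pass), stored) == 1 && ok
}

// hashCalls reports how many slow hashes a single login attempt costs.
func hashCalls(check func(string, string) bool, user, pass string) int {
	before := calls
	check(user, pass)
	return calls - before
}

func main() {
	fmt.Println(hashCalls(checkLeaky, "ghost", "x"), hashCalls(checkUniform, "ghost", "x"))
}
```

Counting hash calls rather than measuring wall-clock time keeps the difference deterministic: the leaky check costs 0 hashes for an unknown user and 1 for a known one, while the uniform check costs 1 in both cases.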

New Features

  • Core/Events: Introduced real-time event system and history 3b7a622, 0acedb0

    • Event History: New REST and WebSocket endpoints for viewing system activity.
    • Blocked Requests: Detailed events emitted when requests are blocked by ACL, CIDR whitelist, ForwardAuth, or OIDC.
    • Provider Changes: Global events emitted when Docker or file-based configurations are reloaded.
    • Routes: Global events emitted when routes are added, updated, or removed.
    • Health: Global events emitted when route health status changes.
  • WebUI/Homepage: Complete UI overhaul yusing/godoxy-webui@b9620a40

    • Live Activity: New EventList component for real-time health and security signals.
    • System Stats: Improved visualization of CPU, Memory, and Disk usage.
    • App Cards: Redesigned as interactive buttons with category and latency displays.
  • Core/API: Enhanced Health Diagnostics 1a33c00

    • The /health endpoint now returns a detailed HealthMap containing granular status info for all monitored components.
  • Core/Routes: Per-Route Bind Address

    • HTTP routes can now bind to specific IP addresses. This is useful when you have multiple network interfaces and want to expose routes on different addresses.
    routes:
      my-service:
        host: example.com
        port: 8080 # Listen on default 80+443
        bind: 192.168.1.100  # Bind to specific interface
      my-service2:
        host: example.com
        port: 8443:8080 # Listen on 8443
        bind: 192.168.1.100  # Bind to specific interface

    Supported route types: all

  • WebUI/Routes: Enhanced support for specialized routes yusing/godoxy-webui@ca2f5768, yusing/godoxy-webui@e07209d5

    • FileServer: Dedicated UI fields for managing bind addresses and ports.
    • Stream: More flexible port formatting (e.g., :80, 80:, 80:80) and optional port definitions.
  • Core/IdleWatcher: Added SIGKILL support 7fc6c4a

Improvements

  • Core/ACL: Added "Reason" tracking for all decisions 898002a

    • Logs now explicitly state why an IP was allowed or denied (e.g., "allowed by local rule", "denied by default").
  • Core/Health: Optimized HTTP pinger performance cc516d2, be9af03

    • Increased MaxConnsPerHost from 1 to 1000.
    • Enabled connection reuse to prevent "no free connections available" errors.
  • WebUI/UX: Refined interface styling yusing/godoxy-webui@5eba84ef, yusing/godoxy-webui@30d14d93

    • Improved dark mode consistency and backdrop blur effects.
    • Enhanced command-palette styling and icon search layout.
    • Optimized sidebar navigation using native hidden properties for faster filtering.
  • Core/Build: JavaScript minification bb8b663

    • Internal assets (like the waking/loading page) are now minified, reducing initial load times.

Bug Fixes

  • Core/OIDC: Fixed route failing with OIDC middleware enabled 8b2da08

    • Affected: Users with OIDC configured in files but globally disabled.
    • Fixed:
      • Validation now logs "OIDC not enabled but OIDC middleware is used" instead of returning it.
      • Middleware now gracefully returns early when IsOIDCEnabled is false.
  • Core/Config: Fixed error propagation in configuration loading 6fcd570

    • Critical errors are now correctly returned and stop the program.

Full Changelog: v0.25.3...v0.26.0
