container
/
link-validator
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 35 Activity

chore(deps): update dependency caddyserver/caddy to v2.4.3 #33

Merged
xoxys merged 1 commits from renovate/caddyserver-caddy-2.x into main 2021-06-18 22:03:02 +02:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovator commented 2021-06-17 23:01:17 +02:00
Member
Copy Link

This PR contains the following updates:

Package Update Change
caddyserver/caddy patch v2.4.2 -> v2.4.3

Release Notes

caddyserver/caddy

v2.4.3

Compare Source

Guess what: this is our 100th release! 🎉 🥳 🎊

A bug fix for the bug fix, and a couple other bug fixes, including one security fix for PHP sites. We think all users should upgrade after giving it a whirl in their test environments. Please note some changes in this patch:

  • ⚠️ In reverse_proxy, the max_idle_conns_per_host option has been removed (both Caddyfile and JSON). This may be a breaking change for a few of you, but it only breaks configs that relied on a bug. Instead of silently failing, you will get an error if you continue using the property. For Caddyfile, we basically renamed the property to keepalive_idle_conns_per_host. In JSON, we simply removed the property, and you should instead set keep_alive/max_idle_conns_per_host if you weren't already. Previously, the Caddyfile subdirective set both MaxConnsPerHost and MaxIdleConnsPerHost, which was confusing; and the JSON properties overwrote each other, so one was removed. Issue #​4201.
  • 🛡️ Security patch in the FastCGI transport that now sanitizes paths against directory traversal outside the site root. PR #​4207.
  • 🐛 Fix canonicalization redirects in file_server. v2.4.2 introduced a bugfix (#​4179) for these redirects when used inside handle_path (i.e. rewriting the path by stripping a prefix), but caused a regression for many other use cases. This release includes a proper fix for all known, tested cases. Basically: these redirects are not issued if the filename of a path was rewritten internally. Issue #​4205.

Changelog

9d4ed3a caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi (#​4207)
e8ae80a fileserver: Don't persist parsed template (fix #​4202)
fbd6560 fileserver: Only redirect if filename not rewritten (fix #​4205)
32c284b reverseproxy: Adjust test related to #​4201
7c68809 reverseproxy: Fix overwriting of max_idle_conns_per_host (closes #​4201)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [caddyserver/caddy](https://github.com/caddyserver/caddy) | patch | `v2.4.2` -> `v2.4.3` | --- ### Release Notes <details> <summary>caddyserver/caddy</summary> ### [`v2.4.3`](https://github.com/caddyserver/caddy/releases/v2.4.3) [Compare Source](https://github.com/caddyserver/caddy/compare/v2.4.2...v2.4.3) Guess what: this is our 100th release! :tada: :partying_face: :confetti_ball: A bug fix for the bug fix, and a couple other bug fixes, including one security fix for PHP sites. We think all users should upgrade after giving it a whirl in their test environments. Please note some changes in this patch: - :warning: **In `reverse_proxy`, the `max_idle_conns_per_host` option has been removed (both Caddyfile and JSON).** This may be a breaking change for a few of you, but it only breaks configs that relied on a bug. Instead of silently failing, you will get an error if you continue using the property. For Caddyfile, we basically renamed the property to `keepalive_idle_conns_per_host`. In JSON, we simply removed the property, and you should instead set `keep_alive/max_idle_conns_per_host` if you weren't already. Previously, the Caddyfile subdirective set both MaxConnsPerHost and MaxIdleConnsPerHost, which was confusing; and the JSON properties overwrote each other, so one was removed. Issue [#&#8203;4201](https://github.com/caddyserver/caddy/issues/4201). - **:shield: Security patch** in the FastCGI transport that now sanitizes paths against directory traversal outside the site root. PR [#&#8203;4207](https://github.com/caddyserver/caddy/issues/4207). - **:bug: Fix canonicalization redirects in `file_server`.** v2.4.2 introduced a bugfix ([#&#8203;4179](https://github.com/caddyserver/caddy/issues/4179)) for these redirects when used inside `handle_path` (i.e. rewriting the path by stripping a prefix), but caused a regression for many other use cases. This release includes a proper fix for all known, tested cases. Basically: these redirects are not issued if the filename of a path was rewritten internally. Issue [#&#8203;4205](https://github.com/caddyserver/caddy/issues/4205). #### Changelog [`9d4ed3a`](https://github.com/caddyserver/caddy/commit/9d4ed3a3) caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi ([#&#8203;4207](https://github.com/caddyserver/caddy/issues/4207)) [`e8ae80a`](https://github.com/caddyserver/caddy/commit/e8ae80ad) fileserver: Don't persist parsed template (fix [#&#8203;4202](https://github.com/caddyserver/caddy/issues/4202)) [`fbd6560`](https://github.com/caddyserver/caddy/commit/fbd65609) fileserver: Only redirect if filename not rewritten (fix [#&#8203;4205](https://github.com/caddyserver/caddy/issues/4205)) [`32c284b`](https://github.com/caddyserver/caddy/commit/32c284b5) reverseproxy: Adjust test related to [#&#8203;4201](https://github.com/caddyserver/caddy/issues/4201) [`7c68809`](https://github.com/caddyserver/caddy/commit/7c68809f) reverseproxy: Fix overwriting of max_idle_conns_per_host (closes [#&#8203;4201](https://github.com/caddyserver/caddy/issues/4201)) </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
renovator added 1 commit 2021-06-17 23:01:18 +02:00
xoxys merged commit 1a6973327a into main 2021-06-18 22:03:02 +02:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: container/link-validator#33
No description provided.
Delete Branch "renovate/caddyserver-caddy-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?