2.4.1

• Fixed a rarely occurring crash when upgrading backend server's HTTP connection as a reverse proxy.

2.4.0

• Added bunny.net, DigitalOcean and OVH DNS providers for DNS-01 ACME challenge.
• Added support for HTTP Basic authentication for forward proxying.
• Fixed ACME cache file handling during certificate renewals. Cache files are now correctly truncated when rewritten, preventing stale data from causing parse failures.
• Fixed brute-force protection not being able to be disabled due to wrong configuration validation check.
• Fixed Connection header setting for reverse proxying being set to keep-alive, keep-alive.
• Fixed graceful shutdown (during configuration reloading) for the HTTP/3 server.
• Fixed precompressed files not being picked up when the original filename doesn't have a file extension.
• Fixed the original request URL not preserved when the server is configured to rewrite URLs using rewrite directive.
• Fixed trailing slash redirects leading to an URL without base when remove_base prop of a location block is set to #true.
• Fixed URL rewrites not applied when remove_base prop of a location block is set to #true.
• Improved compliance of static file serving functionality with RFC 7232 (conditional requests) and RFC 7233 (range requests).
• The forwarded authentication module now uses an unlimited idle kept-alive connection pool, just like the reverse proxy module.
• The server now falls back with io_uring disabled when io_uring couldn't be initialized and io_uring is implicitly enabled.
• The server now logs a warning if status 200 directive is used without specifying a response body.
• The server now performs cleanup of TLS-ALPN-01 and HTTP-01 challenges after obtaining the TLS certificates.
• The server now reuses connections that aren't ready after waiting for readiness when the concurrent limit is reached, instead of establishing a new connection.

2.3.2

• The server now gracefully handles canceled I/O operations that could previously cause 502 Bad Gateway errors (when io_uring is disabled).
• The server now gracefully handles canceled I/O operations that could previously cause a crash under rare conditions (when io_uring is enabled).

2.3.1

• The server now gracefully handles canceled I/O operations that could previously cause a crash under rare conditions (when io_uring is disabled).

2.3.0

• Added a metric for reverse proxy connections (grouped by whether the connection is reused)
• Added option to disable the URL sanitizer (to allow passing request path as-is to proxy backend servers without the sanitizer rewriting the URL).
• Added support for canonicalized IP address placeholders.
• Added support for global and local reverse proxy TCP connection concurrency limits.
• Added support for timeouts for idle kept-alive connections in a reverse proxy.
• Fixed a CGI, SCGI and FastCGI interoperability issue caused by the wrong value of the "HTTPS" variable.
• Fixed an XSS bug through server administrator's email address specified in the server configuration.
• Fixed errors when using URL-safe Base64-encoded ACME EAB key HMACs with "=" at the end.
• Fixed explicit TLS version configuration being incorrectly applied.
• Improved error reporting for invalid URLs for SCGI and FastCGI.
• Optimized the performance of overall network I/O.
• Optimized the QUIC and HTTP/3 performance.
• Removed a configuration directive for specifying maximum idle kept-alive connection pool in a reverse proxy.
• Replaced mimalloc v2 with mimalloc v3 (and also dropped support for very early 64-bit x86 CPUs).
• Slightly optimized ETag generation for static file serving.
• The H3_NO_ERROR errors are no longer logged into the error log.
• The reverse proxy now no longer waits for non-ready connections to be ready (it now just pulls another connection from the pool).
• The reverse proxy now uses an unlimited idle kept-alive connection pool.
• The server is now accessible via IPv4 by default on Windows (IPv6 is enabled by default).
• The server now no longer fails automatic TLS certificate management tasks, when the ACME cache is inaccessible or corrupted.
• The server now removes some response headers that are invalid in HTTP/3, if the client is connected to the server via HTTP/3
• The server now uses a faster asynchronous Rust runtime (Monoio) on Windows (like it is on other platforms) instead of Tokio only.

2.2.1

• Fixed a bug causing a deadlock when the server is gracefully reloading its configuration and OTLP observability backend was enabled before.
• The server now no longer overrides X-Forwarded-Host and X-Forwarded-Proto request headers before sending them to backend servers, when they exist, and the X-Forwarded-For header is trusted.

2.2.0

• Added support for observability (via logs, metrics and traces) via OpenTelemetry Protocol (OTLP).
• Fixed a bug causing requests to not be logged at all to host-specific access logs, if the global access log file wasn't specified.
• Fixed a bug causing the default cache item count limit to be not enforced.

2.1.0

• Added a language matching subcondition (based on the Accept-Language header).
• Added support for custom MIME types for static file serving.
• Added support for dynamic content compression.
• Added support for HTTP/2-only (and gRPC over plain text) backend servers.
• Added support for sending PROXY protocol headers to backend servers when acting as a reverse proxy.
• Added support for setting constants inside conditions.
• Added support for specifying custom directory index files.
• Added support for using snippets inside conditions.
• Configuration validation and module loading error messages now also report in what block did the error occur.
• Corrected the configuration validation for cgi_interpreter directive.
• Fixed access logs wrongly written to global log files instead of host-specific ones.
• Fixed bug preventing some configuration properties in error_config blocks from being applied.
• The block and allow directives (used for access control) are no longer global-only.
• The server now disables HTTP/2 for backend servers when proxy_http2 directive is used, and the request contains Upgrade header.
• The server now removes Forwarded header before sending requests to backend servers as a reverse proxy.

2.0.1

• Fixed bugs related to wrongly applying configurations from configuration blocks.

2.0.0

• First stable release of Ferron 2