v2.11.2
📦 caddyView on GitHub →
✨ 4 features🐛 12 fixes⚡ 1 deprecations🔧 8 symbols
Summary
Caddy 2.11.2 delivers numerous bug fixes, including two critical security patches, and introduces new features like zstd log compression support and enhanced reverse proxy tracking for passive health checking.
Migration Steps
- If using gzip log rolling, change configuration from `roll_gzip` to use `roll_compression` set to the appropriate value (e.g., zstd or gzip if still supported temporarily).
✨ New Features
- Added `tls_resolvers` global option to control DNS resolvers for all sites when using the ACME DNS challenge.
- Log rolling now supports `zstd` compression.
- Dynamic upstreams are now tracked in reverse proxy, enabling passive health checking.
- Performance improvements for metrics collection.
🐛 Bug Fixes
- Fixed a bug in rewrite handler that could cause some URIs to not be rewritten when URI path is an escaped form of target path.
- Fixed security vulnerability in `forward_auth` directive preventing identity injection and potential privilege escalation (CVE).
- Fixed security vulnerability in `vars_regexp` that allowed double expansion of placeholders, potentially revealing secrets (CVE).
- Fixed `health_port` being ignored in reverse proxy health checks.
- Fixed nil pointer dereference in `proxyWrapper`.
- Fixed missing TLS connection policies when auto_https is default.
- Fixed `slog` error level logs printing stack traces.
- Fixed reverse proxy TLS dialing when using proxy protocol.
- Fixed reverse proxy preventing body close on dial-error retries.
- Fixed reverse proxy querying and escaping request URLs when proxy protocol is enabled.
- Fixed auto-HTTPS redirect routes not being sorted by host specificity.
- Fixed parser panic when no tokens were added by an empty {block} in Caddyfile.
Affected Symbols
⚡ Deprecations
- Log rolling deprecated `roll_gzip`; use `roll_compression` instead.