v2.11.4
📦 caddyView on GitHub →
✨ 1 features🐛 16 fixes🔧 9 symbols
Summary
This release focuses on patching security and security-adjacent bugs, alongside various general fixes and enhancements contributed by the community. Key fixes include improved path matching on Windows and better handling of request bodies and TLS states.
✨ New Features
- Encode module now prioritizes zstd and br over gzip in content negotiation.
🐛 Bug Fixes
- caddyhttp: Normalized Windows backslashes in path matcher.
- rewrite: Prevented placeholder re-expansion in injected query.
- templates: Improved stripHTML action to more reliably remove malformed HTML.
- caddyhttp: Ignored header fields with underscores to prevent collisions.
- reverseproxy: Further prevented body closes from dial errors.
- caddytls: Fixed client authentication issues.
- caddyhttp: Omitted Last-Modified header for unusable modification times.
- caddytls: Fixed TLS state races and ECH rotation retry logic.
- caddyauth: Added candidate placeholders for rejected identities.
- cmd: Added support for starting Caddy on IPv6-only hosts.
- caddyfile: Preserved implicit TLS issuer semantics.
- reverseproxy: Wrapped request body to prevent closing if not read.
- caddytls: Matched IDN SNI in connection policies.
- caddytls: Skipped idna.ToASCII for pure ASCII SNI values.
- httpcaddyfile: Fixed incorrect error message on duplicate matchers.
- Applied patch for GHSA-vcc4-2c75-vc9v.