Proxy chunked encoding support, bug fixes to cache, nodejs, aio, cgroup and namespace

• [Security] Fix chunked encoding + proxy related issues (thanks to @Skad0sh @ma1f0y @sayoojbkumar)
• [Feature] Add request body chunked encoding support for proxy backend
• [Bugfix] Fix excessive cache missing due to varying on cookie.
• [Bugfix] Make nodejs helper script compatible with older nodejs versions.
• [Bugfix] Minor fixes to namespace and cgroup support.
• [Bugfix] Update lsquic to v4.0.8
• [Bugfix] Fix crash in AIO code.

Strict header validation, defend HTTP/2 rapid reset, range request fix

• [Security] More strict header validations
• [Security] Detect HTTP/2 repaid reset attack and disable HTTP/2 for attacking IP.
• [Improve] Update libmodsecurity to 3.0.11
• [Bug Fix] Fix a HTTP/3 integration issue that causes high CPU usage.
• [Bug Fix] Rewrite rule configured in parent directory is disabled due to an empty .htaccess.
• [Bug Fix] Address a compatibility issue with Ruby application using Rack 3.0+.
• [Bug Fix] Address issue in serving a HTTP range request.
• [Bug Fix] Address range request download error.
• [Bug Fix] Address PHP possible dead lock error.

Namespace, iouring, QUICv2, hCaptcha support and more

• Linux Namespace container for resource isolation.
• Asynchronous I/O via iouring, linux AIO and posix AIO.
• Update HTTP3 with the latest QUICv2 support.
• hCaptcha support for reCAPTCHA validation.
• JSon real-time and status report.
• Improved compatibility with MacOSX, FreeBSD.
• Improved build.sh with optional module compilation.
• Static link luajit 2.1 for mod_lua.
• Other minor bug fixes.

Request header validation and mod_security update

• [Security] Apply more strict request header validation.
• [Security] Update libmodsecurity to v3.10.
• [Tuning] Lift default memory limit for external applications.
• [Improvement] Add private cache session cookie detection for WordPress.
• [Bug Fix] Address bug in converting x-forwarded-scheme to x-forwarded-proto.

Version 1.7.17 release

• [Security] Address request header smuggling over HTTP/2 and HTTP/3
• [New Feature] Add support for ARM aarch64 platform.
• [Bug Fix] Update lsquic to v3.2.0
• [Bug Fix] Update libmodsecurity to v3.0.9
• [Bug Fix] Address passing large request headers to PHP-FPM.
• [Bug Fix] Properly detect when out of disk space using posix_fallocate().
• [Bug Fix] Support bcrypt authentication hash format starting with "$2b$".
• [Bug Fix] Other minor bug fixes.

Version 1.7.16 release

• [Security] Address a few crashes and memory leaks in HTTP/3 implementation.
• [Security] Address CVE-2022-0072, CVE-2022-0073 and CVE-2022-0074 with 1.7.16.1 update.
• [Improvement] Add support for vhost strict ownership validation.
• [Improvement] Add pagination for long pages generated by auto index.
• [Bug Fix] Block request header "transfer-encoding: chunked" for HTTP/2 and HTTP/3.
• [Bug Fix] Correctly handle "next" flag in rewrite rule parser.
• [Bug Fix] Address a few random crashes.

Version 1.7.15 release

• [Security] Fix a dynamic linking security issue, reported by RACK911.
• [Bug Fix] Correct a few minor cache engine issues.
• [Bug Fix] "Force Strict Ownership" feature now works as expected.
• [Bug Fix] Address Bubblewrap integration issues.
• [Bug Fix] Address an issue with including the same configuration file multiple times.
• [Improvement] New directory auto indexing script.

Version 1.7.14 release

• [Bug Fix] Update libmodsecurity from v3.0.4 to v3.0.5.
• [Bug Fix] Address a crash in handling range requests to files without a suffix (introduced in OLS v1.7.12).
• [Bug Fix] Address a corner case that breaks POST requests without a content length header for HTTP/2 or QUIC streams.
• [Bug Fix] Address a crash in QUIC.cloud IP fetching code (introduced in OLS v1.7.13).

Version 1.7.13 release

• [New Feature] Auto whitelist QUIC.cloud and Cloudflare IPs.
• [New Feature] Auto whitelist local IP.
• [Bug Fix] Address random 500 responses when serving cached pages.
• [Bug Fix] Do not send "Content-type" header for static files without a filename suffix.
• [Bug Fix] Cleanup admin.sock.* automatically.

Version 1.7.12 release

• [Improvement] Update lsquic to v3.0.2 to address a chrome HTTP/3 connection timeout issue for long-running scripts.
• [New Feature] Add support for "blockbot" environment variables to block botnets via rewrite rules. (issue #250)
• [New Feature] Add support for 444 status code to block botnets.
• [Misc] Cleanup old code that broke ARMv64 builds. (issue #253)
• [Misc] Update some confusing log messages. (issue #251 #252)
• [Bug Fix] Behind proxy connection throttling issue.
• [Bug Fix] Broken default access log format.