Releases: MichaelPaddon/hypershunt
Release list
hypershunt v1.1.0
hypershunt 1.1.0
The headline of this release is a standards-compliant HTTP response
cache (RFC 9111). hypershunt can now cache eligible responses and
serve them directly, cutting tail latency and upstream load:
- RFC 9111 caching --- freshness from
Cache-Control/Expires
plus heuristic freshness, with correct handling ofVary, private /
no-store, and authenticated responses. - Conditional revalidation --- stale entries are revalidated with
If-None-Match/If-Modified-Sinceand refreshed on a304. - Single-flight --- concurrent requests for the same key coalesce
into one upstream fetch instead of a thundering herd. - Client directives + stale serving (RFC 5861) --- honours
Cache-Controlrequest directives and can serve
stale-while-revalidate/stale-if-errorcontent.
It also fixes two background tasks that could pin a CPU core: the OCSP
refresh task busy-looping after certificate rotation, and the listener
accept loop spinning on file-descriptor exhaustion.
Minor version bump (1.0.0 to 1.1.0): fully backward compatible, no
configuration changes required.
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0
hypershunt 1.0.0 — first stable release
The configuration format is stable and the project follows semantic
versioning from this release onward.
Highlights since the 1.0.0-rc series:
- Cleared all known dependency security advisories.
- Upgraded the OIDC stack (openidconnect 4) and the PAM stack
(pam-client2). - Removed the bundled AWS SDK; Route 53 DNS-01 now runs through the
execprovider. - Extended the request-header (Slowloris) timeout to HTTP/2 and HTTP/3.
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc18
What's new in 1.0.0-rc18
Breaking changes
- Drop built-in Route53 provider and the AWS SDK (#71)
New features
- Apply request-header timeout to HTTP/2 and HTTP/3 (#72)
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc17
What's new in 1.0.0-rc17
Maintenance release.
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc16
What's new in 1.0.0-rc16
Maintenance release.
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc15
What's new in 1.0.0-rc15
Fixes
- OIDC:
username-claim/groups-claimnow read claims from
the ID token. Previously the username silently fell back tosub
and groups came back empty unless the UserInfo endpoint supplied
them (#66). - OCSP: staple when available; a certificate with no responder
URL is served unstapled instead of being treated as a fetch
failure — the normal case for ACME CAs since 2025 (#64). - Config: require
kdl6.7.1 (6.5.x mis-parsed a node whose
inline children block was followed by a trailing comment,
swallowing the next node); accept theunix-stream:scheme for
fastcgi/scgisockets (#65).
Documentation
- Full correctness review of the docs: corrected wrong defaults,
stale behaviour, and non-parsing KDL examples across the reference
and guide (#65).
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc14
What's new in 1.0.0-rc14
Maintenance release.
Features
- Serving --- static files (range, ETag,
try-files), redirects,
inline responses, custom error pages. - Routing --- virtual hosts (literal + regex), request matchers,
URL rewrites with regex captures. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams; load
balancing, health checks, retries; FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and Unix-socket forwarders with
optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01, TLS-ALPN-01), file-based PEM,
self-signed; OCSP stapling; mTLS with CRLs. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd),
JWT sessions, OIDC SSO, firewall-style policy blocks. - Operations --- compression, structured access logs, status page,
health endpoints, hot reload, seamless binary upgrade,.deb/
.rpm/ OCI image.
…and more --- see the configuration reference.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc13
What's new in 1.0.0-rc13
New features
- Add respond handler for inline static responses (#57)
- Drain-aware health readiness + configurable health endpoints (#56)
Features
- Serving --- static files (range, ETag,
try-files, opt-in
directory listings,~user/), redirects, custom error pages,
per-location header injection. - Routing --- virtual hosts (literal + regex), per-location
matchers (method, header, query), URL rewrites with regex
captures, alias names, per-SNI ALPN. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams with
connection pooling; multi-upstream load balancing (round-robin,
least-conn, ip-hash, header-hash, random); active and passive
health checks; retries; per-location rate limits and body caps;
FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and
unix-stream/unix-dgram/
unix-seqpacketforwarders with optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01 via acme-dns / Cloudflare /
Route 53 / exec, TLS-ALPN-01), file-based PEM, ephemeral
self-signed; OCSP stapling on by default; mTLS with CRLs;
sharedcertificateblocks across listeners. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd
with bcrypt / SHA-512 crypt / Argon2id), subrequest auth, JWT
session cookies (ES256, JWKS endpoint), OIDC SSO with PKCE and
back-channel logout, OAuth 2.0 bearer resource-server mode,
firewall-style policy blocks (IP / user / group / GeoIP country). - Operations --- gzip / brotli / zstd response compression,
structured access logs (NCSA Common/Combined, JSON), built-in
status page, health endpoints, hot config reload (SIGHUP),
seamless binary upgrade (SIGUSR2), socket activation,
hypershunt --check-config, systemd unit,.deb/.rpm/ OCI image.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc12
What's new in 1.0.0-rc12
New features
- Per-listener vhost scoping; remove default-vhost (#53)
Features
- Serving --- static files (range, ETag,
try-files, opt-in
directory listings,~user/), redirects, custom error pages,
per-location header injection. - Routing --- virtual hosts (literal + regex), per-location
matchers (method, header, query), URL rewrites with regex
captures, alias names, per-SNI ALPN. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams with
connection pooling; multi-upstream load balancing (round-robin,
least-conn, ip-hash, header-hash, random); active and passive
health checks; retries; per-location rate limits and body caps;
FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and
unix-stream/unix-dgram/
unix-seqpacketforwarders with optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01 via acme-dns / Cloudflare /
Route 53 / exec, TLS-ALPN-01), file-based PEM, ephemeral
self-signed; OCSP stapling on by default; mTLS with CRLs;
sharedcertificateblocks across listeners. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd
with bcrypt / SHA-512 crypt / Argon2id), subrequest auth, JWT
session cookies (ES256, JWKS endpoint), OIDC SSO with PKCE and
back-channel logout, OAuth 2.0 bearer resource-server mode,
firewall-style policy blocks (IP / user / group / GeoIP country). - Operations --- gzip / brotli / zstd response compression,
structured access logs (NCSA Common/Combined, JSON), built-in
status page, health endpoints, hot config reload (SIGHUP),
seamless binary upgrade (SIGUSR2), socket activation,
hypershunt --check-config, systemd unit,.deb/.rpm/ OCI image.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |
hypershunt v1.0.0-rc11
What's new in 1.0.0-rc11
Fixes
- Tighten viewBox framing
- Center sidebar logo
Features
- Serving --- static files (range, ETag,
try-files, opt-in
directory listings,~user/), redirects, custom error pages,
per-location header injection. - Routing --- virtual hosts (literal + regex), per-location
matchers (method, header, query), URL rewrites with regex
captures, alias names, per-SNI ALPN. - Reverse proxy --- HTTP/1, HTTP/2, HTTP/3 upstreams with
connection pooling; multi-upstream load balancing (round-robin,
least-conn, ip-hash, header-hash, random); active and passive
health checks; retries; per-location rate limits and body caps;
FastCGI, SCGI, CGI. - Layer-4 proxy --- TCP, UDP, and
unix-stream/unix-dgram/
unix-seqpacketforwarders with optional TLS termination. - TLS --- ACME (HTTP-01, DNS-01 via acme-dns / Cloudflare /
Route 53 / exec, TLS-ALPN-01), file-based PEM, ephemeral
self-signed; OCSP stapling on by default; mTLS with CRLs;
sharedcertificateblocks across listeners. - Auth & access control --- HTTP Basic (PAM, LDAP, htpasswd
with bcrypt / SHA-512 crypt / Argon2id), subrequest auth, JWT
session cookies (ES256, JWKS endpoint), OIDC SSO with PKCE and
back-channel logout, OAuth 2.0 bearer resource-server mode,
firewall-style policy blocks (IP / user / group / GeoIP country). - Operations --- gzip / brotli / zstd response compression,
structured access logs (NCSA Common/Combined, JSON), built-in
status page, health endpoints, hot config reload (SIGHUP),
seamless binary upgrade (SIGUSR2), socket activation,
hypershunt --check-config, systemd unit,.deb/.rpm/ OCI image.
Standards
| HTTP/1.1, HTTP/2, HTTP/3 | RFC 9112, RFC 9113, RFC 9114 |
| WebSocket; extended CONNECT | RFC 6455, RFC 8441 |
| TLS 1.2 / 1.3 | RFC 5246, RFC 8446 |
| ACME (HTTP-01, DNS-01, TLS-ALPN-01) | RFC 8555, RFC 8737 |
| OCSP stapling | RFC 6066 §8 |
| JWT (ES256) / JWS / JWK / JWK thumbprint | RFC 7519, RFC 7515, RFC 7517, RFC 7638 |
OAuth 2.0 PKCE, token revocation, resource indicators, iss param |
RFC 7636, RFC 7009, RFC 8707, RFC 9207 |
| OpenID Connect 1.0 + back-channel logout | OIDC Core, OIDC Back-Channel Logout |
| HAProxy PROXY protocol v1 / v2 | HAProxy spec |
| CGI / FastCGI / SCGI | RFC 3875, FastCGI 1.0, SCGI 1.0 |
| KDL configuration | KDL v2 |