Skip to content

TSDProxy v3.0.0-beta.3

Choose a tag to compare

View all tags
@github-actions github-actions released this 26 Jun 20:25
v3.0.0-beta.3
f4bf41d

Changes

New Features

  • feat: add si/ icon dark mode invert and use strings.HasSuffix for extension detection
  • feat: add icons config section and CLI download command
  • feat: embed chrome glyphs and add icon serving handler with on-demand runtime download
  • feat: add icon downloader with on-demand fetching, caching, and extraction
  • feat: merge healthcheck into server binary as subcommand
  • feat(config): add CleanupTLS flag for independent TLS cert cleanup
  • feat(config): add allowContainerFunnel and allowTlsValidateDisable security gates
  • feat(metrics): add ProxyUp/connection/cert-expiry gauges, Grafana dashboard, and lifecycle fixes
  • feat: webhook template functions, templateContentType, and docs (#483)
  • feat: Go template support for custom webhook payloads (#480)

Security Updates

Bug Fixes

  • fix: fix test file permissions from 0o644 to 0o600 for gosec G306
  • feat: merge healthcheck into server binary as subcommand
  • fix(proxymanager): move UDP backend dial outside client map lock
  • fix(proxymanager): optimize rate limiter LRU eviction to O(1)
  • fix(proxymanager): improve domain error handling and cert monitoring
  • fix(proxymanager): prevent lock corruption with token-based unlock API
  • fix(proxymanager): harden port lifecycle with start lock, TCP timeout, and error logging
  • fix(server): start HTTP listener before proxy setup
  • fix(proxymanager): fix cert tracker race and DNS rollback context
  • fix(proxymanager): harden port start with shared guard, add connection limits
  • fix(proxymanager): consolidate teardown into removeAndTeardown primitive
  • fix(proxymanager): log instead of panic on keyedLocks double-unlock
  • fix(proxymanager): re-pause proxy when Resume fails all listeners
  • fix(proxymanager): harden TCP/HTTP port forwarding
  • fix(proxymanager): close rate-limit bypass for unresolvable peer IPs
  • fix(docker): allow explicit port labels to bypass bridge-mode guard
  • fix(tailscale): silence 'use of closed network connection' warn on shutdown

Dependency Updates

Documentation

  • docs: update AGENTS.md for icon architecture and downloader
  • docs: document icon-on-demand system with custom icons, server config, and airgapped deployment
  • feat: merge healthcheck into server binary as subcommand
  • docs: rewrite llms.txt and llms-full.txt for deployment/configuration focus
  • docs: group e2e test files by theme in AGENTS.md
  • docs: fix stale claims in dashboard, config, and dnsproviders AGENTS.md
  • docs: update tailscale AGENTS.md with eventloop, ACL, and exposure docs
  • docs: rewrite proxymanager AGENTS.md for RF-2 concurrency redesign
  • docs: add AGENTS.md for internal/ui and web directories
  • docs: add goleak and bug-test conventions to root AGENTS.md
  • docs: add CleanupTLS to v3 user docs
  • docs: correct TLS cleanup gating in tlsproviders AGENTS.md
  • docs: add allowContainerFunnel and allowTlsValidateDisable to v3 docs
  • docs(v3): expand ACL Auto-Provisioning with examples, errors, and rollback
  • docs: add Bug-fix TDD protocol to AGENTS.md
  • docs(v3): add rate limiting and shutdownDrainSeconds to changelog

Other Changes

  • web: update htmx, daisyui
  • refactor(tlsproviders): rename TLSLifecycleManager to LifecycleManager
  • refactor(proxymanager): split port.go into per-protocol files
  • refactor(model): use SecretString for ResolvedAuthKey
  • style: enable additional linters
Assets 12
Loading
0 Join discussion