Skip to content

0.10.13
Compare
Choose a tag to compare
@mholt mholt released this 18 Apr 23:17
· 1999 commits to master since this release
v0.10.13
This tag was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.
694d2c9
This commit was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.

Caddy 0.10.13 is a minor release that fixes security flaws in TLS client authentication and On-Demand TLS. It is recommended that everyone relying on these capabilities upgrade. This release also has bug fixes for the Caddyfile parser (caught by fuzzing) and handling errors when a certificate could not be obtained via ACME.

Do not use this version, it cannot obtain certificates due to a bug. Version 0.10.14 fixed this.

Change list:

  • New third-party plugin: supervisor
  • Updated QUIC
  • proxy: Fix transparent pass-thru of X-Forwarded-For
  • proxy: Configurable timeout to upstream
  • rewrite: Now supports regular expressions on single-line
  • tls: StrictHostMatching mode to prevent client auth bypass
  • tls: Disable client auth when using QUIC
  • tls: Require same client auth cert pools per hostname
  • tls: Prevent On-Demand TLS directory traversal
  • tls: Fix empty files when using ACME fails to obtain cert
  • Fixed test broken by 1.1.1.1 resolving
  • Improved Caddyfile parser robustness by fuzzing
Assets 11