0.10.13
Caddy 0.10.13 is a minor release that fixes security flaws in TLS client authentication and On-Demand TLS. It is recommended that everyone relying on these capabilities upgrade. This release also has bug fixes for the Caddyfile parser (caught by fuzzing) and for error handling when a certificate could not be obtained via ACME.
Do not use this version: it cannot obtain certificates due to a bug. Version 0.10.14 fixed this.
Change list:
- New third-party plugin: supervisor
- Updated QUIC
- proxy: Fix transparent pass-thru of X-Forwarded-For
- proxy: Configurable timeout to upstream
- rewrite: Now supports regular expressions on single-line
- tls: StrictHostMatching mode to prevent client auth bypass
- tls: Disable client auth when using QUIC
- tls: Require same client auth cert pools per hostname
- tls: Prevent On-Demand TLS directory traversal
- tls: Fix empty files when ACME fails to obtain cert
- Fixed test broken by 1.1.1.1 resolving
- Improved Caddyfile parser robustness by fuzzing