-
Notifications
You must be signed in to change notification settings - Fork 123
/
HISTORY.txt
455 lines (353 loc) · 15.8 KB
/
HISTORY.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
Version history - highlights
============================
v1.5.2.201011
-------------
- Fix the bundled CA certificate for Sectigo
v1.5.2.200725
-------------
- Make --ca_certs no longer part of --defaults
- Disable CA certificate checking in the distant future
- Try harder to survive OpenSSL write-retry errors on backend
v1.5.2.200603
-------------
- Fix some TLS connection instability on old/embedded devices
- Fix bad select() behaviour (Windows)
v1.5.2.200531
-------------
- Update bundled CA Root certs
- Avoid hanging TunnelManager if DNS updates never complete
- Remove automated crash reports, it is a privacy leak nobody uses
- Python3 fixes for built-in HTTPD
- Further narrow the disconnect/keepalive logic
v1.5.2.200513
-------------
- Remove obsolete finger, httpfinger and Minecraft protocols
- Add working front-end support for XMPP tunnels
- Make the auto-keepalive logic simpler and hopefully more robust
- Depend on pySocksipychain 2.1.2+, to pick up SSL fixes
- The single-file pagekite.py bundle now supports Python 2.7 and 3.x
- Document the forgotten `unknown` backend-of-last-resort feature
v1.5.1.200424
-------------
- This merges release (v1.0.1): performance and efficiency!
- Create ping.pagekite fast-path in dedicated thread
- Make select loop timing and read sizes configurable, tweak defaults
- Remove 0.4.x flow-control, fix major bugs in current flow control code
- Fix locking-related deadlocks under PyPy
- Added --watchdog=N, to self-reap locked up processes
- Disabled old ssl workarounds on modern versions of Python (broke PyPy)
v1.5.0.200327
-------------
- Allow loading frontend IP list from a file instead of using DNS
- Avoid crash if getsockname() fails
- Python 3 bugfix: Fixed text wizard UI
- Support for Python 3.8, more misc Python 3 fixes
v1.5.0.191126
-------------
- FIRST RELEASE which supports Python 3; default is still 2.7 though.
- Bump versions: New Dev Is Happening! Also, breaking compatibility...
- Dropped protocols: finger, httpfinger, minecraft
- Dropped support: Python 2.6 and below probably no longer work.
- Fix a few minor buglets
- Added experimental support for relay connections over websockets
- Debian: improve .deb config samples
- Improve errors/feedback if config is unwritable during signup, add, etc.
- Added +proxyproto: HAProxy PROXY (v1) protocol support at the backend
- Added --loglevel=N, massage logging & defaults to be more user friendly
v1.0.0.190225 2019.02.25
-------------
- Call this 1.0, change versioning schemes. We're pretty stable!
- UI: Made relay capability description and quota report less confusing
- BE: Many refinements to the front-end relay selection algorithm
- BE: Implement exponential fallback for DDNS update failures
- BE: Fix IP address leak in BE offline page, fix &-encoding in URL
- FE: Add --ratelimit_ips= , for eliminating phishing once and for all
- FE: Augmented --authdomain= so it supports external authentication apps
- FE: Added --authfail_closed, to avoid failing open if tunnel auth is broken
- FE: Implement --overload= and friends.
- Debian: Make it easy to use alternate Python for daemon (see init script)
- HTTPD: Add support for file uploads, new flags: +uploads and +ul_filenames
- HTTPD: Implement a PhotoBackup server, new flags: +photobackup
v0.5.9.3 2018.01.24
--------
- Fix problems with setting CA cert location within wizard
- Add workaround to cope with broken CA cert configurations
v0.5.9.2 2018.01.23
--------
- Improve UI and provide debugging hints when failing to connect
- Remove incorrect use of assert()
v0.5.9.1 2017.12.09 (same as 0.5.9a)
--------
- Adjust tunnel ping frequency on disconnect, to cope with bad firewalls
- Add --keepalive for manual tunnel ping frequency configuration
- Workaround Debian (and others) distrusting StartCOM issued certificates
- Allow multiple --errorurl arguments for per-domain customization
- Fix loopback (local backends on a frontend)
v0.5.9 2016.11.18
------
- CRITICAL: Fix how we load CA Certificates
- Add --fe_nocertcheck for insecure (obfuscation-only) TLS connections
- Add --whitelabel and --whitelabels for auto-configuring default
settings for users of the pagekite.net white-label service
- Remove --jakenoia, it wasn't documented anywhere and didn't really work
- Advertise relay overload, consider during "Ping" evaluation
- Create vipagekite helper for safely editing configs
v0.5.8f 2016.11.18
-------
- CRITICAL: Fix how we load CA Certificates (backport from v0.5.9)
- Minor back-ported bugfixes
v0.5.6f 2016.11.18
-------
- CRITICAL: Fix how we load CA Certificates (backport from v0.5.9)
v0.5.8e 2016.03.02
-------
- Fix dynamic DNS update bug which would advertise too many IPs
- Enable versioned DNS frontend lookups in default settings
- Fix server ping logic (broken in 0.5.8a)
v0.5.8b 2016.02.16
-------
- Fix SSL3_WRITE_PENDING errors with recent OpenSSL versions
- Make signup e-mail regexp less strict (rely on server to check)
- Change iframe links to use https:// by default
v0.5.8a 2015.10.16
-------
- Speed up startup by pinging relays in parallel
- Attempt to fix infinite loop when using epoll
- Misc. crashers avoided, including in log code on disk full
- Fix multiple TunnelManager crashes which would prevent reconnection
v0.5.7b 2015.09.15
-------
- Allow legacy SSL support with --tls_legacy
- Added --auththreads=N to tune size of authentication thread pool
- Improve automated regression testing to test older versions too
v0.5.7a 2015.09.06
-------
- Security: Drop SSLv2 and SSLv3 support from the front-end!
- Fix permissions bug in Debian logrotate script
v0.5.6e (not released)
-------
- HTTPS Back-end generates TLSv1 Internal Error alerts if server is down
- Added --accept_acl_file=/... for mitigating frontend abuse and DDoS.
v0.5.6d 2013.06.14
-------
- Fixed bug in proxy and Tor support
v0.5.6b,c 2013.05.24
---------
- Fixed bug where PageKite would not recover from network errors
- Fixed IPv6 frontend selection behavior
- Avoid duplicate connection woes when a frontend has multiple IPs
- Fixed incorrect frontend certificate priority (bogus sorting)
- Fixed loopback tunnel bugs introduced by new FE selection
v0.5.6a 2013.03.18
-------
- Added default privacy-friendly robots.txt to built-in HTTPD.
- Fixed bugs in DNS update logic
- Improved frontend selection algorithm to fail back to faster hosts
- Improved frontend selection algorithm to disconnect unused tunnels
- Fixed major front-end memory leak
- Started measuring round-trip-times within tunnels
- Fixed multiple bugs in frontend quota rechecking code.
v0.5.5 2013.02.01
------
- Fixed broken internal buffered byte counter
- Log and allow monitoring of tunnel round-trip-times
- Minecraft protocol support at the frontend
- Fixed connection bug: native Python SSL + no SSL on front-end = fail
- Dropped support for the insecure SSLv2
v0.5.4 2012.11.29
------
- Improved --proxy argument handling to do chains properly
- Added --client_acl and --tunnel_acl
- Fixed bug in --pemfile
- Fixed built-in HTTPS server's silly incompatibility with SNI.
- Added --selfsign for easily enabling self-signed HTTPS.
- Fixed behavior of --remove and --disable for nonexistant kites.
v0.5.2, v0.5.3
--------------
- Forgot to document these, oops.
v0.5.1 2012.07.22
------
- Fixed lots and lots of file descriptor leaks.
- Added --shell for easier use in a GUI environment.
v0.5.0 2012.07.20
------
- Prefer and use epoll() if it is available.
- Added better probe diagnostics, using json returns and CORS headers.
- Correctly handle and report the new pagekite.net quota dimensions.
- Corrected error messages when using an invalid shared secret.
- Added support for multiple auth domains at the front-end.
- Brought README.md up-to-date
- Renamed --backend/--disable_backend to --service_on/--service_off
- Allow white-space in the config file and make it more readable
- Added: --watch=<LEVEL> for watching tunneled traffic (back-end only)
- Deprecated: --reloadfile, --delete_backend
- Refactored and rewrote built-in manual and man page.
- Added support for Flash socket-policy responses (open policy)
- Support kites over IPv6.
- Improved HTTP header filtering, now always inserts X-Forwarded-For,
added X-Forwarded-Proto and +rawheaders flag for disabling.
- Fixed bugs in Loopback tunnels with bad backends
- Added URL firewall, +insecure and --insecure to disable it.
v0.4.6 2012.01.15
------
- Improved new kite wizard a bit
- Added human readable date/time to log output
- Cleaned up auto-generated configuration file
- Fixed bug in front-end HTTP CONNECT for wild-card TLS endpoints
- Behave gracefully when X.pagekite.me is in /etc/hosts as 127.x.x.x
- Added proper MOTD handling
v0.4.5 2011.08.22
------
- Finalize and document finger and IRC support.
- Support wild-card backends (*.domain.com).
v0.4.4 2011.08.02
------
- Major code reorganization, split giant pagekite.py into multiple
parts, and spawned two spin-off projects:
- http://pagekite.net/wiki/Floss/PyBreeder/
- http://pagekite.net/wiki/Floss/PySocksipyChain/
- Made the built-in HTTPD reply to http://localhost:port/ requests.
- Added back-end flags:
- Added +rewritehost
- Renamed +user/ to +password/
- Allow +options after the domain name
- Experimental support for the finger and IRC protocols.
- Experimental setuptools, .deb and .rpm packaging rules.
- Experimental --remoteui to facilitate development of GUIs.
v0.4.3 2011.05.26
------
- UI is more colorful!
- UI is more friendly on Windows and in OS X transient windows.
- UI now gives useful feedback in front-end mode as well.
- UI now reports https:// URLs when they are available.
- Added --add, --only, --remove and --disable for manipulating your
kite configuration from the command-line.
- HTTP Basic Auth can now be required for any HTTP back-end.
- Back-ported from 0.3.20:
- Fixed more file-descriptor leaks.
- Fixed a bug in initial handshake when front-end was using python's SSL.
- Fixed infinite recursion bug in loopback tunnels.
- Made auxillary threads handle exceptions more gracefully.
- Made connection hand-shake more verbose (prep. better error reporting).
- Added --debugio flag for low-level debugging.
v0.4.2 2011.05.13
------
- Fixed some file descriptor leaks
- Added name-based virtual server and virtual file tree to built in HTTPD.
- Revamped the command-line short-cuts to follow the common Unix
'action source source ... destination' pattern.
v0.4.1 2011.05.05
------
- Branched major revision 0.4.x from stable 0.3.x.
- Much improved interactive console user interface and shortcut feature.
To disable the interface, use --nullui.
- Added built-in static HTTP daemon.
v0.3.17 2011.04.20
-------
- Crypto cleanup: better random numbers, clarified code, added timestamps
to front-end challenges (limits replay attack window), allowed hardcoding
of front-end SSL cert hash in config file.
- Fixed hanging SSL connections on front-ends with native termination.
- Rapid network switching should work (session-id based disconnects).
- Minor flow-control tweaks and fixes.
- Fixed a bug where large file transfers could disconnect tunnels.
- Fixed some logging issues on Windows.
v0.3.16 2011.03.11
-------
- Worked around bug in native Python ssl module which kills busy tunnels.
- Fixed lame bug in --all code.
v0.3.15 2011.03.03
-------
- Revamped stream EOF handling, fixing many corner case bugs in the process.
- Fixed GitHub issue #12
v0.3.14 2011.02.11
-------
- Moved fancy error messages to a frame, instead of a redirect.
- Added support for catch-all backends (hostname = unknown).
- Added timeouts to tunnel and backend connection code to reduce stalling.
- Moved tunnel management to separate thread.
- Added --rawports=virtual for virtual (HTTP CONNECT only) raw ports.
v0.3.13 2011.01.25
-------
- Fixed yet another flow-control problem (bad error handling)
v0.3.12 2011.01.21
-------
- Report a config error when the same backend is defined twice.
- Don't submit crash reports when misconfigured. *sigh*
v0.3.11 2011.01.20
-------
- Removed debugging code to improve privacy.
- Reduced memory footprint slightly, especially on the front-end.
- Fixed bugs in 3rd party dynamic DNS support, improved docs.
v0.3.10 2011.01.15
-------
- BUGFIX: More improvements to IO error handling.
v0.3.9 2011.01.05
------
- BUGFIX: 0.3.8 broke Windows connections, this should fix them again.
- Re-opens logs on SIGHUP, for compatibility with logrotate.
- Tweaked internal CONNECT to work with HTTP/1.1 clients: putty can ssh!
- Look for CA Certificates in the rc-file if not found in the host OS.
- Added --errorurl for fancier "back-end unavailable" messages.
- Better detection of dead tunnels and connection re-establishment.
v0.3.8 2011.01.02
------
- Many TLS/SSL fixes:
- Works with pyOpenSSL or the default Python 2.6 ssl module.
- Can now terminate/unwrap TLS/SSL at the front-end.
- Routing support for the old lame SSLv2.
- Built-in TLS/SSL works with pyOpenSSL or python 2.6+ ssl.
- TLS tunnels: encryption and FE auth. See --ca_certs and --fe_certname.
- Protocol fixes: switching from "magic" request paths to HTTP CONNECT.
- Added --noprobes and probe logging at the back-end.
- Misc. minor bugfixes.
v0.3.7 2010.12.26
v0.3.6
------
- Added support for the websocket protocols (Upgrade: WebSocket header)
- Added support for binding to, and routing by ports as well as protocols
- Added time-based routing of non-SNI SSL connections.
- Added time-based routing of raw ports (for ssh-after-HTTP).
- Added X-Forwarded-For header to for HTTP and WEBSOCKET
- The IP address of visiters now gets reported to back-end and logged.
- Built-in httpd now based on SimpleXMLRPCServer
- Enbled --pemfile, for SSL encrypted admin consoles
- Front-ends can now have local (non-tunneled) back-ends
v0.3.5 2010.12.15
------
- Misc. minor bugfixes.
- Added support for WebDAV and other missing HTTP request methods.
- Added some real Yamon variables for monitoring
- Log-format normalized a bit, created pagekite_logparse.py.
- Bugfix: minor memory leak when target servers are down (BE unavailable).
- Bugfix: bad flow-control bug could freeze the select-loop.
v0.3.4 2010.11.09
------
- Added basic flow-control to avoid excessive memory use on large file
transfers with fast backends and slow upstream pipes.
v0.3.3 2010.11.03
------
- Fixed crash report misbehavior on some Python versions.
v0.3.2 2010.10.25
------
- HTTP UI now has logs & connection details, and --httppass works.
- Anonymized IP addresses in HTTP UI and all logs.
- Protocol tweaks: front-end is backwards compatible, back-end is not.
- Added support for probe requests, showing status in the UI.
v0.3.1 2010.10.14
v0.3.0
------
* BUG: ValueErrors in invalid configs generated crash report spam.
* BUG: Fixed chunking alignment problem.
* BUG: Fixed HTTP header parsing problem
- Added support for tunneling through tor, or other socks5 proxies.
- Added support for zlib compressed tunnels
- Added basic unit-tests!
- Added crash report feature and auto-restart on crash.
v0.2.1 2010.10.12
------
- Added support for --defaults and --settings
- Renamed from beanstalks_net.py to pagekite.py
v0.2.0 2010.09.22
------
- First alpha-testing release.