rama-0.3.0 #1061
GlenDC
announced in
Announcements
rama-0.3.0
#1061
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Rama 0.3.0 is here. This is a big release: the 0.3 series started with the
first alpha on
2025-07-07and carried a long line of protocol work, APIredesign, platform hardening, and real-world proxy features all the way to this
final release.
For people coming from 0.2: expect breaking changes. The central
Contextmodel is gone, service inputs and outputs have been generalized, extensions are
now the main way to carry request, response, connection and transport metadata,
and Rama owns more of its HTTP and URI surface directly. The migration cost is
real, but it buys a cleaner service model, stronger protocol fidelity, better
proxy ergonomics, and much more room for the next release trains.
This also closes the long alpha era. From here on we aim to ship regular Rama
releases on a 2 to 8 week cadence. Versioning will continue to follow SemVer
semantics.
Community
Thank you to everyone who contributed code, reviews, documentation, testing,
bug reports, ideas, and production feedback during the 0.3 cycle. This release
includes work from Glen De Cauwsemaecker, Brecht Stamper, Abdelkader Boudih,
Nicolas Trippar, M-Kusumgar, Ali Tariq, Camille Louédoc-Eyriès, sim-hash,
Irfan - ئىرفان, Yukun Wang, hafihaf123, Aydan Pirani, Kenny Lau, MeerKatDev,
Maarten Deprez, Dominic Lindsay, Xavier Lambein, Stijn De Clercq,
Shabbir Hasan, Antoine Bernardeau, Darshil Patel, Gautham Venkataraman, FS,
Elias, Azzam S.A, Nikita, Ian Wagner, bitterpanda, Elizabeth Gonzales Belsuzarri,
0x676e67, KoHcoJlb, and everyone else who helped shape the release.
Thank you also to our GitHub Sponsors for directly funding Rama development,
and to our commercial partners for funding a significant part of the
work in this cycle. If you want to support Rama, you can become a
GitHub Sponsor. If your organisation is
looking for a long-term partner around proxies, protocol work, support,
training, or custom integrations, see ramaproxy.com.
Alpha Train Recap
0.3.0-alpha.1(2025-07-07) opened the cycle with the first versions oframa-ws,rama-socks5,rama-unix, built-in Datastar support, SSE work,richer observability, PeetPrint and TLS fingerprinting improvements, protocol
peek routing, and a much larger proxy example set.
0.3.0-alpha.2(2025-08-05) added ACME support, the firstrama-cryptocrate with JOSE/JWK/JWA/JWS support, connection pooling, TCP connector pools,
WebSocket fingerprinting support, target HTTP version enforcement, and the
first anti-bot examples.
0.3.0-alpha.3(2025-08-29) promoted Windows to tier-1, added signedWindows CLI releases and
wingetpackaging, custom X.509 stores,WebSocket extensions, HTTP-to-HTTPS upgrade redirects, include-dir serving,
router quality-of-life improvements, and the unified HTTP/SOCKS proxy
connector path for
EasyWebClient.0.3.0-alpha.4(2025-12-27) carried the main architectural refactor:removal of
Context, the extensions-first design, native forked HTTPrequest/response types, service
Input/Outputnaming, CLI restructuring,HAR support, stunnel support, typed headers, NDJSON, redirects, compression
improvements, and more TLS/ACME work.
And while that was a lot already... even more happened in the 6 months after
that... While we will do our best to cover it all in this changelog, please do
always consider the code diff as the authoritative source of truth.
Highlights
Contexttype andmoved request, response, connection, transport, state and executor metadata
into extensions (Issue 462/revisit service api (core) design in 0.3 milestone# removing state from context #685, Issue 462/revisit service api (core) design in 0.3 milestone#2 moving extensions #706, Move executor to extensions #711, Issue 462/revisit service api (core) design in 0.3 milestone#4 removing context #714, Issue 462/revisit service api (core) design in 0.3 milestone#3 no remove from extensions #715, Issue 462/revisit service api (core) design in 0.3 milestone#4 state for http endpoints #720, extensions inside rama-http-core #727, New extensions using append-only vec #856, Tags for extensions using traits #869,
Custom Debug impl for Extensions #873, Connection extensions #884, Improve extensions around Upgrades #914, Extensions get_many in a single pass #956, FromExtensions support rank and one of enum variant #1001).
ServiceAPIs now speak in terms ofInputandOutputinstead of HTTP-specific request/response language,making the same stack model fit HTTP, TCP, TLS, proxy and transport layers
better (Issue 462/revisit service api (core) design in 0.3 milestone#renaming service input and output #747, Issue 462/revisit service api (core) design in 0.3 milestone#renaming service input and output #755, Make HTTP services generic over Output and Error types #878).
header behavior and URI model directly, including first-class
rama-netURIsupport, Host/Authority overhaul, path segment enrichment, query lookup and
mutation helpers, integrated original header order/casing preservation,
improved HTTP version conversions, and the removal of the external
httpcrate from the core path (Issue 692/integrate / fork http crate into rama#partially #696, rama-net: first-class URI type + Host/Authority overhaul #921, rama-net: serde Serialize/Deserialize for Uri #934, Native URI in core, drop the http crate #1006, uri: infallible PathPattern matcher + router rebuild #1027, Strengthen URI component safety #1030, Path segment enrichment #1039,
integrate original (http) order/casing directly in core rama-http-types header types #1045, Conversions between different http versions #1046, Migrate Uri imports to rama-net #1048, apple xpc + ne tproxy lifecycle fixes, uri query utils #1059).
sockets, SOCKS5, ACME, crypto, and Apple Network Extension (NE) support
(Transparent Proxy only for now, more providers to follow in later versions),
with examples and docs around real server, client, gateway and proxy use
cases (support socks5 client+server #491, add initial rama-unix implementation #582, Add acme client support #603, Issue 391/improve and refactor the crypto story in rama: rama-crypto crate and JOSE json support #611, initial version of rama-ws: WebSocket (WS) support for rama #615, add gRPC support to rama #790, DRAFT: apple network extension support in rama #836, Apple NE: XPC support, system keychain, container app refactor #875, rama-fastcgi: FastCGI gateway crate #899).
Linux and Windows, improved MITM relay behavior, certificate mirroring,
CRL/OCSP handling, native trust-store defaults, SNI routing, protocol peeking,
ALPS, zstd certificate compression, and Boring/Rustls configuration APIs
(add auto Tls acceptor service (== TlsPeekRouter) #551, TLS: Add ALPS extension support #555, support SNI proxy router #567, Add zstd certificate compression support #573, add http peek router implementation + proxy connectivity example #594, support custom x509 cert store in rama-tls-boring #677, add ALPS extension with support for new_codepoint #834, fix(tls-rustls): constrain ALPN based on TargetHttpVersion before handdshake #845, add tproxy support for linux + windows #865, tls-boring: data-driven AKI/SKI in MITM cert mirroring #900, tls-boring: derive AKI keyId from CA pubkey when CA lacks SKI #903, drop bad|unknown_certificate from CertTrust (boring MITM) #960,
tls: default rama tls clients to native system trust store #966, fix(tls-boring): correct MITM leaf cert mirroring #968, Refactor boring tls to TlsClientConfig and remove legacy ClientConfig #970, MITM OCSP stapling for re-signed leaf certs #974, Migrate server TLS to TlsServerConfig similar to clients #1015, rama-tls-boring: proxy-hosted CRL/OCSP revocation for MITM leaves #1017).
rama-clinow has a clearersend,serveand
probehierarchy, signed Windows releases,wingetpublication, stunneluse cases, curl export, HAR recording/replay, JSON selection, feed reader
support, richer echo and fingerprinting services, and Linux/Windows/macOS
release target improvements (Support stunnel-like use cases in rama-cli #629, rama-cli windows support: pre-built binaries + package publication (winget) #683, setup windows release signing using signpath (free oss) #689, add curl export support (#509) #699, Patch/rama cli refactor #732, add first tier support for Linux ARM64 / AMD64 targets using MUSL #798, improve HAR further + add doc and examples (har, replay) #810,
rama-cli: stream RSS/Atom feed responses into an interactive TUI reader #955, Add streaming JSON processing support #1043).
HTTP/1, HTTP/2, WebSocket, SOCKS5, HAProxy, file serving, URI parsing, TLS,
DNS, Apple NE FFI, log injection, path traversal, mTLS client authentication,
and release supply-chain surfaces (Adapt HTTP/2/3 requests to HTTP/1.x by merging multiple Cookie headers (RFC 6265 5.4) #770, rama-ws: security and correctness fixes #895, socks5: bug fixes, spec gaps, and tests #896, rama-net: spec audit, security hardening, compliance fixes #913, rama-haproxy: spec compliance, hardening + client-side TLV/CRC32C #916, rama-error: log-injection hardening + Option<T> parity fixes #917, fix(serve-dir): escape XSS in HtmlFileList (GHSA-cwv4-h3j5-w3cf) #945,
fix(net): canonicalize v4-mapped IPv6 targets before connecting #972, Harden client and file-serving edge cases #1003, Harden Apple NE FFI bridge #1005, [Aikido] AI Fix for Docker container runs as default root user #1021, [Aikido] AI Fix for 3rd party Github Actions should be pinned #1022, Security hardening: path traversal, command injection, unsafe audit #1023, [Aikido] Pin cross build tool to immutable commit hash in release workflow #1031, Harden include_dir extraction #1032, [Aikido] Enforce client certificate verification in BoringSSL mTLS servers #1034, fix(apple-ne): drop unsafe macOS <15 setMetadata: call #1042, Fix H2 early connection WINDOW_UPDATE replay #1054).
Added
rama-ws, including client and server handshakes,per-message deflate, HTTP/2 WebSocket support, 100% Autobahn compliance,
examples, CLI support and fingerprinting integration (initial version of rama-ws: WebSocket (WS) support for rama #615, support WS in fp service and rama-ua #632, [WS] support extensions + more WS Typed (http) Headers #663,
fix ws deflate ext issues + start tracking header byte size #672, initial attempt to enable autobahn WS client+server tests in CI #729, Issue 754/improve extensions inside/around Websockets and Upgrades #758, rama-ws: security and correctness fixes #895).
rama-grpc, including build support, examples,compression tests, health checks, gRPC-Web coverage and an OTLP exporter
path (add gRPC support to rama #790, Vendor protoc #799, Rebuild only if proto files have changed #808, feat: add OTLP gRPC exporter #815, refactor(otel): scope grpc to opt-in consumers under opentelemetry #991, refactor(grpc-otel): extract shared send_proto scaffolding #992).
feed URIs, six extension namespaces, lossless parse/serialize round-trips,
and an interactive
rama-clifeed reader (rama-http: add streaming RSS 2.0 + Atom 1.0 support #882, rama-cli: stream RSS/Atom feed responses into an interactive TUI reader #955, support rss-podcast alternate + strong typed Uris (rss/atom) #962, refactor(http): dedup RSS reader/writer boilerplate #988).rama-jsonwith streaming JSON tokenization, RFC 9535 JSONPath selection,HTTP body capture/rewrite integration, typed JSONPath builders, CLI JSON
selection, fuzz-style tests, and vendor/RFC coverage (Add streaming JSON processing support #1043).
processing, SSE response helpers, Datastar integration, declarative partial
updates and HTML rewriting/tokenizing support (Add SSE response support #576, add datastar as builtin support #599, support multiline datastar signals + add test suite server #625, add ndjson support #703,
improve json body stream #704, Implement octet stream response #718, http: multipart support + octet-stream extractor #888, add http PartialUpdates + html::marker helper #927, http: stream PartialUpdates fragments via polyfill #937, html protocol support now also rewriting/tokenizing #963, Add streaming JSON processing support #1043).
rama-fastcgi, including HTTP adapters,streaming bodies, configurable caps/timeouts, CGI constants, and PHP-FPM
TCP/Unix-socket examples that run in CI (rama-fastcgi: FastCGI gateway crate #899).
X-Robots-Tag,X-Clacks-Overhead, WebSocket headers, HSTS preload, COEP/COOP/CORP,Permissions-Policy, Referrer-Policy, Content-Type, Cache-Control,
Accept-CH and Critical-CH ([WS] support extensions + more WS Typed (http) Headers #663, support X-Robots-Tag as a typed http header #707, [620] - add X-Clacks-Overhead header support #734, rama-http-headers: typed: more security headers + manifest content type #907, typed security headers: HSTS preload, COEP/COOP/CORP, PermissionsPolicy, ReferrerPolicy chains #948, Typed ContentType + CacheControl shortcuts #953, feat(http): typed Accept-CH/Critical-CH headers #977).
redirect/rewrite/forward services, flexible upgrades, response-to-error
helpers, bounded body collection errors, and more H2 builder settings
(add http-to-https 'upgrade' Redirect (SS) service #678, advanced redirect/rewrite/forward http svc/layer #717, Flexible upgrade handling #806, body: recoverable bounded collect (collect_with + CollectError) #1025, Add support for the HTTP QUERY method (RFC 10008) #1009, Expose more H2 builder settings #1051, Expose ResponseVersionAdaptCtx fields #1056).
acceptors and connectors, SNI proxy routing, HAProxy protocol peeking,
client-side HAProxy TLV/CRC32C support, HTTP peek routing, proxy connectivity
examples, and UDP-over-TCP examples (support socks5 client+server #491, support socks5+http auto proxy acceptor #559, refactor common peek stream + support haproxy-peek #562, support SNI proxy router #567, Add multi-protocol HTTP/SOCKS5 proxy example #592, add http peek router implementation + proxy connectivity example #594,
Issue 498/support auto proxy connector http+https+socks5+socks5h #659, support + example: udp over tcp #904, rama-haproxy: spec compliance, hardening + client-side TLV/CRC32C #916).
reuse, metrics, health checks, connection identifiers, body-bound connection
release,
MaxConcurrencytracking, multiplexing connections by default forEasyHttpWebClient, and safer broken/idle connection handling (Issue 529/improve performance of easy http web client and suport custom dns resolver #571, Dont return broken connections to pool #580,Support dropping idle connections from the pool #584, Connection pool: add support for round robin reuse #636, Tcp Connector Pool #637, Add metrics support to connection pool #641, Health check logic for pooled connections #780, Connection pool drop connections that didn't receive a response #868, Connection Health #892, pool BasicHttpConnIdentifier include connector/proxy target #909, Multiplexing connection pool (default for EasyHttpWebClient) #1044).
plus XPC support, system keychain integration, Swift/C FFI support, flow
metadata propagation, wake-from-sleep handling, memory improvements and
extensive hardening (DRAFT: apple network extension support in rama #836, add tproxy support for linux + windows #865, Apple NE: XPC support, system keychain, container app refactor #875, ffi/apple/ne: ownership cleanup, FFI serialization, fail-closed port, propagate flow metadata #881, ffi/apple: tproxy stability fixes + safety hardening #887, rama-apple-ne: harden NWConnection lifecycle #905, tproxy apple: promote passthrough flows to swift (+ leak/teardown & relay hardening) #924, tproxy apple: drop per-flow duplex + bridge tasks (less memory, fewer copies) #950, tproxy apple: fix wake-from-sleep connectivity loss #954,
tproxy(apple NE): reset stale flows across a network-changing wake #965, fix(apple-ne): egress keepalive + TCP flow lifetime/leak hardening #971, fix(apple-ne): backstops for promoted-path nexus-flow leaks and dead-path strands #973, Apple NE: expose flow egress interface + remote hostname #1026).
DNS load balancing, resolver cache/picker hooks, Apple native DNS,
res_nsearch(Linux), Windows native DNS, FQDN fixes and resolver hardening(improve global and default dns logic #568, Improve acme client #702, Fix incorrect FQDN handling in Hickory DNS resolver #788, improve and refactor DNS client code (rama-dns) #833, rama-dns improvements #854, rama-dns improvements: vendor rfc3596.txt + improvements in dns resolvers #912, Switch to res_nsearch #922, dns loadbalancer #923).
fingerprinting services (feat(geo): IP geolocation for ip/echo/fp services (#188) #994).
improvements (Add acme client support #603, Improve acme client #702).
rama-cryptowith JOSE/JWK/JWA/JWS support and optionalaws-lc-rsintegration (Issue 391/improve and refactor the crypto story in rama: rama-crypto crate and JOSE json support #611, implement jwa algorithms #650, fix(rama-crypto): make aws-lc-rs optional behind aws-lc feature #847).
certificate compression, native trust-store defaults, improved Windows
certificate loading, and Boring/Rustls config refactors (TLS: Added draft GOST suite #554, TLS: Add ALPS extension support #555, Add zstd certificate compression support #573,
add more system certs for windows (default boring) #805, improve windows cert loading code + more logging #812, add ALPS extension with support for new_codepoint #834, Refactor rustls TLS config into extension pieces #961, tls: default rama tls clients to native system trust store #966, Refactor boring tls to TlsClientConfig and remove legacy ClientConfig #970).
service improvements, and redaction of fingerprint storage secrets (Issue 518/ Implement PeetPrint #585,
track, expose and UA-use priority & update h2 frames #607, Issue 517/support akamai h2 passive fingerprint #719, Patch/rama fp and macros improvements #919, refactor(net): dedup ja4 hash12 helper into shared module #981, Redact fp storage secrets in debug output #1028).
handling, OCSP stapling, proxy-hosted CRL/OCSP revocation and better Boring
relay issue classification (tls-boring: data-driven AKI/SKI in MITM cert mirroring #900, tls-boring: derive AKI keyId from CA pubkey when CA lacks SKI #903, improve boring tls relay issue classification #920, fix(tls-boring): correct MITM leaf cert mirroring #968, MITM OCSP stapling for re-signed leaf certs #974, rama-tls-boring: proxy-hosted CRL/OCSP revocation for MITM leaves #1017, send TLS close_notify on errors; add ErrorSink #1018).
rama-tls, including client hello parsing,SNI helpers, TLS fingerprinting, keylog support and common client/server
configuration building blocks (Native URI in core, drop the http crate #1006, 745: remove rama-http-types dependency from rama-tls crates #1010, Migrate server TLS to TlsServerConfig similar to clients #1015).
rama-unix, Unix FD helpers, FD limit utilities,include_dirintegration, safe filesystem helpers, append-only collections (used also
for the new and improved
Extensionstype), non-empty collection utilities,octet and duration helpers, byte/string search helpers,
BoxErrorExt,CountInput,BytesRWTracker, reactive values, owned IObuffer traits for completion-based IO and no-std-compatible subsets of
rama,rama-error,rama-macrosrama-coreandrama-net(add initial rama-unix implementation #582, integrate include_dir in rama-utils #665, feat(tcp): add into_std, into_inner, and Unix FD traits to TcpListener #776, Append only Vec #809, add rama unix utility for FD limit raise #823, introduce some minor time utilities #824, Add CountInput middleware and layer #827, Expose BytesRWTracker #842, make a subset of rama nostd compatible #872, BoxErrorExt trait to create BoxError from_static_str #967, Adopt octets kib/mib and Duration helpers #997, Initial owned IO buffer traits #1037, rama-net, rama-core and rama are now also nostd compatible (with std gates) #1047).
system-extension path, including Rust XPC primitives and Swift packages used
by the transparent proxy example (Apple NE: XPC support, system keychain, container app refactor #875).
Windows ARM CI/release support, signed Windows binaries,
wingetpublication, vendored
protoc, nextest-based testing and improved CIhardening (promote windows as tier1 target #674, rama-cli windows support: pre-built binaries + package publication (winget) #683, setup windows release signing using signpath (free oss) #689, add windows (11) arm support for CI + Release #765, switch to cargo nextest for all tests except docs #797, add first tier support for Linux ARM64 / AMD64 targets using MUSL #798, Vendor protoc #799, add scratch test for rama cli musl build #800, mdbook workflow: use rust-cache composite action for Windows retry #925, ci: pin windows runners to windows-2022 (VS2022) #976,
ci: harden cargo crates.io fetches (retry, no mux, timeout) #1000, [Aikido] Pin cross build tool to immutable commit hash in release workflow #1031).
client/server benchmarks, TLS/proxy benchmark dimensions and a
tokio-turmoilHTTP/1 client/server test (Feature 587 turmoil http.1 client-server test #642, Issue 374/Benchmark for e2e h1 client server interaction #766, Issue 374/Benchmark for e2e h1 client server interaction (#766) #816, Issue 374/Add TLS enum to benchmarks #818, Issue 374/Add proxy enums #832).SNI/TLS, SOCKS5, WebSocket, gRPC, HAR, RSS, FastCGI, multipart, SSE,
Datastar, transparent proxy operation, XPC and platform setup (improve existing docs and add protocol inspection docs #552, improve HAR further + add doc and examples (har, replay) #810,
Apple NE: XPC support, system keychain, container app refactor #875, http: multipart support + octet-stream extractor #888, rama-fastcgi: FastCGI gateway crate #899, docs: improve contributor onboarding guide and add templates #952).
of more "advanced" proxy use cases. Feedback welcome.
Changed
Contextfrom the service flow and moved state/executor metadatainto extensions;
AddExtension/GetExtensionbecameAddInputExtension/GetInputExtension, with output equivalents for outputlifecycles (Issue 462/revisit service api (core) design in 0.3 milestone# removing state from context #685, Move executor to extensions #711, Issue 462/revisit service api (core) design in 0.3 milestone#4 removing context #714, Issue 462/revisit service api (core) design in 0.3 milestone#4 state for http endpoints #720, Issue 756/Rename GetExtension to GetInputExtension and create GetOutputExtension #759, Issue 756/Rename AddExtension to AddInputExtension and add AddOutputExtension #761, do not put executor in extensions #794).
Debug,ranked extraction, multi-extraction in a single pass, and better support
around WebSocket upgrades and connection data (Issue 462/revisit service api (core) design in 0.3 milestone#3 no remove from extensions #715, Issue 754/improve extensions inside/around Websockets and Upgrades #758, Extension trait for individual extensions #811, New extensions using append-only vec #856,
Tags for extensions using traits #869, Custom Debug impl for Extensions #873, Connection extensions #884, Improve extensions around Upgrades #914, Extensions get_many in a single pass #956, FromExtensions support rank and one of enum variant #1001).
terminology moved from request/response to input/output (Issue 462/revisit service api (core) design in 0.3 milestone#renaming service input and output #747, Issue 462/revisit service api (core) design in 0.3 milestone#renaming service input and output #755, Make HTTP services generic over Output and Error types #878).
http,headers,http-body,hyper,h2,tungsteniteandtower-httppieces to support Rama's extension,protocol and fingerprinting needs while continuing to sync upstream fixes
(Issue 692/integrate / fork http crate into rama#partially #696, Patch/sync w upstream 20260510 #897, sync w/ fork h2e2826c5 => h2@d361b757 #938, sync w/ hyperium/hyper up to 54e8511 #939, sync w/ tower-rs/tower-http #940, sync w/ snapview tungstenite-rs + tokio-tungstenite #941, feat(http)!: sync latest tower-http changes #975, Patch/thirdparty upstream deps #1053).
multi-value removal (integrate original (http) order/casing directly in core rama-http-types header types #1045, Fix header map ordered multi-value removal #1055).
Allowhandling, infallible path pattern matching and route rebuilds (Router support defining routes without slash prefix #664, Patch/improved router api #741,
fix(router): return 405 with Allow header on method mismatch #844, uri: infallible PathPattern matcher + router rebuild #1027).
EasyHttpWebClientBuilderandHttpClientExtwere made more granular andflexible, with better custom DNS, connector, proxy and JIT layer support
(Issue 529/improve performance of easy http web client and suport custom dns resolver #571, Issue 590/Refactor
EasyHttpWebClientBuilderfor granular connector configuration #591, Issue 498/support auto proxy connector http+https+socks5+socks5h #659, Default http proxy connector when no protocol is set on proxy #668, attempt to make HttpClientExt more versatile #820).clearer extension/config pieces; server TLS now uses
TlsServerConfigsimilar to clients, and certificate generation moved into
rama-cryptowith rcgen/aws-lc/boring feature paths (Refactor rustls TLS config into extension pieces #961, Refactor boring tls to TlsClientConfig and remove legacy ClientConfig #970, Migrate server TLS to TlsServerConfig similar to clients #1015).
rama-net, and DNS became optionalin
rama-socks5and was completely removed fromrama-tcpandrama-udp(Move TCP client request to rama-net #1013, rmove DNS out of rama-tcp #1041).
jiff, and several utility helpers weremoved or promoted into
rama-utils(scan codebase for integration of rama time utils #825, refactor(time): switch runtime chrono usage to jiff #853, refactor(utils,net,ua): promote serde str macro to rama-utils, dedup rama-ua #990).1.96.0and the workspace uses Rust 2024 edition (Bump MSRV to Rust 1.96 #1050).Windows, Windows ARM and Linux MUSL release coverage were expanded (fix 32 bit linux build #626,
add windows (11) arm support for CI + Release #765, add first tier support for Linux ARM64 / AMD64 targets using MUSL #798).
Fixed
WINDOW_UPDATEreplay, H2 trailer/settings conformance, H2 settings mirroringin MITM relay, H2
SETTINGS-driven concurrency updates, and H2 WebSocket edgecases (track, expose and UA-use priority & update h2 frames #607, Adapt HTTP/2/3 requests to HTTP/1.x by merging multiple Cookie headers (RFC 6265 5.4) #770, mitm relay: mirror upstream h2 SETTINGS #946, Multiplexing connection pool (default for EasyHttpWebClient) #1044, Fix H2 early connection WINDOW_UPDATE replay #1054).
(Adapt HTTP/2/3 requests to HTTP/1.x by merging multiple Cookie headers (RFC 6265 5.4) #770).
timing tests (rama-ws: security and correctness fixes #895, socks5: bug fixes, spec gaps, and tests #896, fix(socks5): deflake mitm relay connect timing test #999).
extraction, symlink handling,
file://and octet-stream path handling, plusclient/file-serving edge cases (fix(serve-dir): escape XSS in HtmlFileList (GHSA-cwv4-h3j5-w3cf) #945, Harden client and file-serving edge cases #1003, Security hardening: path traversal, command injection, unsafe audit #1023, Harden include_dir extraction #1032).
safety issues (rama-net/address: domain label model + DomainTrie improvements #902, rama-net: first-class URI type + Host/Authority overhaul #921, fix(net): canonicalize v4-mapped IPv6 targets before connecting #972, rama-net: make UserInfo<->Basic conversion percent-encode/decode correct #1011, Strengthen URI component safety #1030).
on acceptors, mTLS client-auth enforcement, revocation behavior for
schannel/libcurl clients and close-notify behavior (fix(tls-boring): correct MITM leaf cert mirroring #968, fix(tls-boring): drop OS trust-store parse on acceptors #969, MITM OCSP stapling for re-signed leaf certs #974, fix(tls-boring): keep ingress SNI on MITM egress hello #1002,
rama-tls-boring: proxy-hosted CRL/OCSP revocation for MITM leaves #1017, send TLS close_notify on errors; add ErrorSink #1018, [Aikido] Enforce client certificate verification in BoringSSL mTLS servers #1034).
memory, unsafe metadata and XPC listener edge cases (ffi/apple: tproxy stability fixes + safety hardening #887, Fix Apple transparent-proxy CI and Swift FFI build #893, tproxy apple: promote passthrough flows to swift (+ leak/teardown & relay hardening) #924, tproxy apple: egress skips system proxy by default (preferNoProxies) #947,
tproxy apple: drop per-flow duplex + bridge tasks (less memory, fewer copies) #950, tproxy apple: fix wake-from-sleep connectivity loss #954, tproxy(apple NE): reset stale flows across a network-changing wake #965, fix(apple-ne): egress keepalive + TCP flow lifetime/leak hardening #971, fix(apple-ne): backstops for promoted-path nexus-flow leaks and dead-path strands #973, Harden Apple NE FFI bridge #1005, fix(apple-ne): drop unsafe macOS <15 setMetadata: call #1042, apple xpc + ne tproxy lifecycle fixes, uri query utils #1059).
OTLP exporter runtime/log support, and log-injection hardening (improve the tracing story in rama #597, Dont set span parent #604,
Fix broken tracing with multiple layers #660, Remove resource attributes from metric attributes #802, improve reported http span attributes #804, Span link to child root spans #837, Run events in span scope #838, fix HttpExporter use runtime #898, otel HttpExporter support logs #901, rama-error: log-injection hardening + Option<T> parity fixes #917).
implementation details (Fix incorrect FQDN handling in Hickory DNS resolver #788, rama-dns improvements: vendor rfc3596.txt + improvements in dns resolvers #912, Switch to res_nsearch #922).
stability, cargo fetching, pinned GitHub Actions/cross releases, non-root
Docker images, mdbook, lychee, docs.rs builds and contributor onboarding
(setup windows release signing using signpath (free oss) #689, switch to cargo nextest for all tests except docs #797, Patch/docrs improvements #889, mdbook workflow: use rust-cache composite action for Windows retry #925, docs: fix broken links reported by lychee CI #935, ci: pin windows runners to windows-2022 (VS2022) #976, ci: harden cargo crates.io fetches (retry, no mux, timeout) #1000, [Aikido] AI Fix for Docker container runs as default root user #1021, [Aikido] AI Fix for 3rd party Github Actions should be pinned #1022, [Aikido] Pin cross build tool to immutable commit hash in release workflow #1031, Patch/thirdparty upstream deps #1053,
Patch/improvements docs and ci #1058).
Removed
Contexttype from public service flow in favor ofextensions (Move executor to extensions #711, Issue 462/revisit service api (core) design in 0.3 milestone#4 removing context #714).
services, layers and connector configuration (Use connectors instead of jit req inspector #730, Remove request inspectors #750).
remove()semantics so extensions behave as append-onlybreadcrumbs (Issue 462/revisit service api (core) design in 0.3 milestone#3 no remove from extensions #715).
ClientConfigin favor of the clearerTlsClientConfigAPI (Refactor boring tls to TlsClientConfig and remove legacy ClientConfig #970), a similar change happened for server as well.httpcrate from Rama's core URI/HTTP type path and migrated URIimports into
rama-net(Native URI in core, drop the http crate #1006, Migrate Uri imports to rama-net #1048).This discussion was created from the release rama-0.3.0.
Beta Was this translation helpful? Give feedback.
All reactions