v2.10.5
Github Advisory GHSA-7v4p-328v-8v5g
Related to CVE-2023-39325
Bug fixes:
- [accesslogs] Move origin fields capture to service level (#10126 by rtribotte)
- [accesslogs] Fix preflight response status in access logs (#10142 by rtribotte)
- [acme] Update go-acme/lego to v4.14.0 (#10087 by ldez)
- [acme] Update go-acme/lego to v4.13.3 (#10077 by ldez)
- [http3] Update quic-go to v0.37.5 (#10083 by ldez)
- [http3] Update quic-go to v0.39.0 (#10137 by ldez)
- [http3] Update quic-go to v0.37.6 (#10085 by ldez)
- [http3] Update quic-go to v0.38.0 (#10086 by ldez)
- [http3] Update quic-go to v0.38.1 (#10090 by ldez)
- [kv] Ignore ErrKeyNotFound error for the KV provider (#10082 by sunyakun)
- [middleware,authentication] Adjust forward auth to avoid connection leak (#10096 by wdhongtw)
- [middleware,server] Improve CNAME flattening to avoid unnecessary error logging (#10128 by niallnsec)
- [middleware] Allow X-Forwarded-For delete operation (#10132 by rtribotte)
- [server] Update x/net and grpc/grpc-go (#10161 by rtribotte)
- [webui] Add missing accessControlAllowOriginListRegex to middleware view (#10157 by DBendit)
- Fix false positive in url anonymization (#10138 by jspdown)
Documentation:
- [acme] Change Arvancloud URL (#10115 by sajjadjafaribojd)
- [acme] Correct minor typo in crd-acme docs (#10067 by ayyron-lmao)
- [healthcheck] Remove healthcheck interval configuration warning (#10068 by rtribotte)
- [kv,redis] Docs describe the missing db parameter in redis provider (#10052 by tokers)
- [middleware] Doc fix accessControlAllowHeaders examples (#10121 by ebuildy)
- Updates business callout in the documentation (#10122 by tomatokoolaid)