v2.10.6
Go CVEs:
Bug fixes:
- [acme] Remove backoff for http challenge (CVE-2023-47124) (#10224 by youkoulayley)
- [consul,consulcatalog] Update github.com/hashicorp/consul/api (#10220 by kevinpollet)
- [http3] Update quic-go to v0.39.1 (#10171 by tomMoulard)
- [middleware] Fix stripPrefix middleware is not applied to retried attempts (#10255 by niki-timofe)
- [provider] Refuse recursive requests (CVE-2023-47633) (#10242 by rtribotte)
- [server] Deny request with fragment in URL path (CVE-2023-47106) (#10229 by lbenguigui)
- [tracing] Remove deprecated code usage for datadog tracer (#10196 by mmatur)
Documentation:
- [governance] Update the review process and maintainers team documentation (#10230 by geraldcroes)
- [governance] Guidelines Update (#10197 by geraldcroes)
- [metrics] Add a mention for the host header in metrics headers labels doc (#10172 by rtribotte)
- [middleware] Rephrase BasicAuth and DigestAuth docs (#10226 by sssash18)
- [middleware] Improve ErrorPages examples (#10209 by arendhummeling)
- Add @lbenguigui to maintainers (#10222 by kevinpollet)