From c14edb08fe238fd1360ed64060b26607813c27cf Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Sun, 12 May 2024 23:21:46 +0200 Subject: [PATCH] Add release dates to change logs --- source/changelog.md | 238 +++++++++++------------ source/easy-waf-integration-changelog.md | 14 +- source/forward-proxy-mod-changelog.md | 2 +- source/greenrhombus-changelog.md | 16 +- source/orangecircle-changelog.md | 28 +-- source/redbrick-changelog.md | 46 ++--- source/reverse-proxy-mod-changelog.md | 14 +- source/yellowsquare-changelog.md | 16 +- 8 files changed, 187 insertions(+), 187 deletions(-) diff --git a/source/changelog.md b/source/changelog.md index 08ff03d..5506cb3 100644 --- a/source/changelog.md +++ b/source/changelog.md @@ -5,11 +5,11 @@ date: 2023-12-21 17:10:14 --- ## SVR.JS 3.14.16 LTS - +_Released in May 6, 2024_ * Prevented DoS attacks performed with forward proxy HTTP requests with malformed URLs. ## SVR.JS 3.15.0 - +_Released in May 6, 2024_ * Changed URL parser from wrapper over WHATWG URL parser to custom regex-based URL parser. * Optimized server code. * Redesigned default error pages. @@ -17,51 +17,51 @@ date: 2023-12-21 17:10:14 * Replaced _path.extname()_ function with regex-based function. ## SVR.JS 3.14.15 - +_Released in April 29, 2024_ * Fixed crashes related to the request ID generation. * Optimized HTTP compression functionality. ## SVR.JS 3.14.14 - +_Released in April 27, 2024_ * _console.log_ and _stdout_ are now disabled, when _stdout_ is not a TTY (for example in situation when SVR.JS is running as a daemon), in order to improve performance. * Errors that occurred, while adding SNI context to a server are now ignored. ## SVR.JS 3.14.13 - +_Released in April 24, 2024_ * Optimized code. * SVR.JS now uses _os.availableParallelism()_ function for determining amount of processes to fork, when it is available. ## SVR.JS 3.14.12 - +_Released in April 13, 2024_ * Fix ".dirimages" directory returning an 500 error, if it is not present in the web root. ## SVR.JS 3.14.11 - +_Released in April 7, 2024_ * Added CVE-2024-27982 Node.JS vulnerability warning. * Fixed bug with Brotli compression not working, when SVR.JS is running on Bun. * Improved the performance of the server. ## SVR.JS 3.14.10 - +_Released in April 2, 2024_ * Disabled trailing slash removal for proxy requests. ## SVR.JS 3.14.9 - +_Released in April 2, 2024_ * Changed default file extensions compression exclude list. * Lifted _scrypt_ restrictions on Bun. * Optimized server script size (268 KiB => 256 KiB). * The compression exclude list is now in SVR.JS itself. ## SVR.JS 3.14.8 - +_Released in March 29, 2024_ * Fixed bug with _res.writeHead_ method. ## SVR.JS 3.14.7 - +_Released in March 19, 2024_ * Fixed bug with request domain names not showing in server logs. ## SVR.JS 3.14.6 - +_Released in March 17, 2024_ * Added CVE-2024-22019 Node.JS vulnerability warning. * Improved protection against user enumeration in HTTP authentication. * Replaced block list message with generic 403 Forbidden error. @@ -71,54 +71,54 @@ date: 2023-12-21 17:10:14 * When "block localhost" CLI command is executed, SVR.JS now adds "localhost" to the block list instead of "::ffff:localhost". ## SVR.JS 3.14.5 - +_Released in March 9, 2024_ * Fixed "www." URL redirect functionality. * Improved HTTP/1.x API compatibility with HTTP/2. ## SVR.JS 3.14.4 - +_Released in March 3, 2024_ * Updated _tar_ and _graceful-fs_ libraries. * Added support for URLs with double slashes. * Rewritten HTTP to HTTPS redirect functionality. * Changed default directory listing icons. ## SVR.JS 3.14.3 - +_Released in February 11, 2024_ * Fixed bug with URLs beginning with multiple slashes being rewritten incorrectly. ## SVR.JS 3.14.2 - +_Released in February 7, 2024_ * Added new SVR.JS mod and server-side JavaScript property: _authUser_. ## SVR.JS 3.14.1 - +_Released in February 2, 2024_ * Added support for IP-based virtual hosts. * Fixed SVR.JS crashes with _X-SVR-JS-From-Main-Thread_ header and unknown client IPs. ## SVR.JS 3.4.42 LTS - +_Released in February 2, 2024_ * Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server. ## SVR.JS 3.14.0 - +_Released in January 24, 2024_ * Added new _config.json_ properties: _useClientCertificate_, _rejectUnauthorizedClientCertificates_, _cipherSuite_, _ecdhCurve_, _tlsMinVersion_, _tlsMaxVersion_, _signatureAlgorithms_ and _http2Settings_. * Added support for web root postfixes (along with postfix prefixes). * Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server. ## SVR.JS 3.13.1 - +_Released in January 18, 2024_ * Fixed error handling for invalid URL rewrite regexes. * Fixed bug with non-working HTTP proxy handler (excluding CONNECT method). ## SVR.JS 3.4.41 LTS - +_Released in January 14, 2024_ * Removed all remnants of "DorianTech". * Mitigated log file injection vulnerability for HTTP authentication. * Mitigated log file injection vulnerability for SVR.JS mod file names. * SVR.JS no longer crashes, when access to a log file is denied. ## SVR.JS 3.13.0 - +_Released in January 14, 2024_ * Added support for skipping URL rewriting, when the URL refers to a file or a directory. * Dropped support for svrmodpack. * Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method). @@ -127,32 +127,32 @@ date: 2023-12-21 17:10:14 * SVR.JS no longer crashes, when access to a log file is denied. ## SVR.JS 3.12.3 - +_Released in December 30, 2023_ * Removed all remnants of "DorianTech". * Fixed bug with wildcard in domain name selectors. ## SVR.JS 3.12.2 - +_Released in December 16, 2023_ * SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities. * Add _Host_ header pre-processing. * Changed SNI regular expression generation function. ## SVR.JS 3.4.40 LTS - +_Released in December 16, 2023_ * SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities. ## SVR.JS 3.12.1 - +_Released in December 12, 2023_ * Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page. * Fixed multiple XSS vulnerabilities. ## SVR.JS 3.4.39 LTS - +_Released in December 12, 2023_ * Invalid compression exclusion list regexes no longer crash SVR.JS. * Fixed multiple XSS vulnerabilities. ## SVR.JS 3.12.0 - +_Released in December 3, 2023_ * Added trailing slash redirect support. * Added new _config.json_ property — _environmentVariables_. * Replaces base 1000 size prefixes with base 1024 ones. @@ -161,62 +161,62 @@ date: 2023-12-21 17:10:14 * Corrected language errors — replaced _recieve_ with _receive_. ## SVR.JS 3.4.38 LTS - +_Released in November 12, 2023_ * SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption. * Fixed crashes due to destroyed HTTP/2 stream (Node.JS bug: [https://github.com/nodejs/node/issues/24470](https://github.com/nodejs/node/issues/24470)) * Fixed crash while trying to report communication problem with workers. ## SVR.JS 3.11.0 - +_Released in November 12, 2023_ * SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption. * Fixed crashes due to destroyed HTTP/2 stream (Node.JS bug: [https://github.com/nodejs/node/issues/24470](https://github.com/nodejs/node/issues/24470)) * Fixed language errors in HTTP error code descriptions, error console messages and the index page. * Updated the logo in the SVR.JS log viewer. ## SVR.JS 3.4.37 LTS - +_Released in September 17, 2023_ * Fixed bug with non-standard code regex replacements ## SVR.JS 3.10.3 - +_Released in September 17, 2023_ * Fixed bug with non-standard code regex replacements ## SVR.JS 3.10.2 - +_Released in September 12, 2023_ * Fixed bug with mods (and server-side JavaScript) executing in wrong order (bug was related with access control vulnerability fix; bug was not present in LTS versions) ## SVR.JS 3.4.36 LTS - +_Released in September 12, 2023_ * Removed undocumented and non-working code. * Fixed bug: _.notindex_ files in directories now no longer cause server timeouts caused by non-working undocumented code. ## SVR.JS 3.10.1 - +_Released in September 12, 2023_ * Dropped _pretty-bytes_ dependency. * Removed undocumented and non-working code. * Fixed bug: _.notindex_ files in directories now no longer cause server timeouts caused by non-working undocumented code. * Replaced function converting byte count to human-readable representation with new one. ## SVR.JS 3.4.35 LTS - +_Released in September 11, 2023_ * Added warning about worker count being limited to one when using Bun 1.0 and newer with shimmed (not native) clustering module. * Disabled server-side JavaScript bug workaround for Bun 1.0 and newer (it's not needed anymore for these Bun versions). * Improved clustering shim for Bun. ## SVR.JS 3.10.0 - +_Released in September 11, 2023_ * Added warning about worker count being limited to one when using Bun 1.0 and newer with shimmed (not native) clustering module. * Disabled server-side JavaScript bug workaround for Bun 1.0 and newer (it's not needed anymore for these Bun versions). * Improved clustering shim for Bun. * Improved web root error handling. ## SVR.JS 3.4.34 LTS - +_Released in September 10, 2023_ * Changed _enableRemoteLogBrowsing_ property to be `false` by default. * Mitigated security vulnerability: Sensitive data is no longer leaked from temp directory inside SVR.JS installation directory. ## SVR.JS 3.9.6 - +_Released in September 10, 2023_ * Changed _enableRemoteLogBrowsing_ property to be `false` by default. * Fixed log files only partially saving on failed master startup. * Mitigated security vulnerability: Sensitive data is no longer leaked from temp directory inside SVR.JS installation directory. @@ -245,14 +245,14 @@ _This version is unpublished and no longer available for download, because of fa _This version is unpublished and no longer available for download, because of failed security vulnerability mitigation._ ## SVR.JS 3.4.32 LTS - +_Released in September 8, 2023_ * Added "svrmodpack" deprecation warning. * Removed unmaintained primitive analytics mod. * Removed unmaintained and undocumented hexstrbase64 library. * Added TypeError workaround for Bun 1.0.0 ## SVR.JS 3.9.4 - +_Released in September 8, 2023_ * Changed warning about no support for HTTP/2. * Added "svrmodpack" deprecation warning. * Removed unmaintained primitive analytics mod. @@ -260,31 +260,31 @@ _This version is unpublished and no longer available for download, because of fa * Added TypeError workaround for Bun 1.0.0 ## SVR.JS 3.4.31 LTS - +_Released in September 7, 2023_ * Mitigated security vulnerability: SVR.JS mods and server-side JavaScript not using href or uobject.pathname in some path checks are no longer vulnerable to access control bypass (from SVR.JS configuration). ## SVR.JS 3.9.3 - +_Released in September 7, 2023_ * Mitigated security vulnerability: SVR.JS mods and server-side JavaScript not using href or uobject.pathname in some path checks are no longer vulnerable to access control bypass (from SVR.JS configuration). ## SVR.JS 3.4.30 LTS - +_Released in September 6, 2023_ * Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url are no longer vulnerable to path traversal (not including query strings). ## SVR.JS 3.9.2 - +_Released in September 6, 2023_ * Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url are no longer vulnerable to path traversal (not including query strings). ## SVR.JS 3.4.29 LTS - +_Released in September 5, 2023_ * Added new config.json property - exposeModsInErrorPages ## SVR.JS 3.9.1 - +_Released in September 5, 2023_ * Added new config.json property - exposeModsInErrorPages ## SVR.JS 3.9.0 - +_Released in September 3, 2023_ * Dropped support for undocumented unused non-standard SVR.JS-specific headers. * Fixed bug with _wwwredirect_. * Replaced HTTP => HTTPS redirect handler @@ -294,26 +294,26 @@ _This version is unpublished and no longer available for download, because of fa * Added validation of X-Forwarded-For header ## SVR.JS 3.4.28 LTS - +_Released in September 3, 2023_ * Added validation for X-Forwarded-For header. ## SVR.JS 3.4.27 LTS - +_Released in September 2, 2023_ * Dropped support for undocumented unused non-standard SVR.JS-specific headers. * Fixed bug with _wwwredirect_. ## SVR.JS 3.4.26 LTS - +_Released in September 2, 2023_ * Changed default SVR.JS configuration. * Disabled server-side script exposure by default. ## SVR.JS 3.8.1 - +_Released in September 2, 2023_ * Changed default SVR.JS configuration. * Disabled server-side script exposure by default. ## SVR.JS 3.8.0 - +_Released in September 1, 2023_ * Added partial virtual hosting support * Added _host_ field to _nonStandardCodes_ and _rewriteMap_ properties. * Added _userList_ field to _nonStandardCodes_ properties (with _scode_ set to 401). @@ -321,46 +321,46 @@ _This version is unpublished and no longer available for download, because of fa * Improved HTTP authentication error handling. ## SVR.JS 3.4.25 LTS - +_Released in August 31, 2023_ * Improved HTTP authentication error handling. * Updated SVR.JS license. ## SVR.JS 3.7.5 - +_Released in August 29, 2023_ * Fixed non-working blacklist. * Updated SVR.JS license. ## SVR.JS 3.4.24 LTS - +_Released in August 28, 2023_ * Added reverse DNS lookup support. ## SVR.JS 3.7.4 - +_Released in August 28, 2023_ * Added reverse DNS lookup support. ## SVR.JS 3.4.23 LTS - +_Released in August 25, 2023_ * Fixed server crashes while one of two ports are in use ## SVR.JS 3.7.3 - +_Released in August 25, 2023_ * Fixed server crashes while one of two ports are in use ## SVR.JS 3.4.22 LTS - +_Released in August 21, 2023_ * ENAMETOOLONG errors now correspond to 414 code. * EMFILE errors now correspond to 503 code. ## SVR.JS 3.7.2 - +_Released in August 21, 2023_ * ENAMETOOLONG errors now correspond to 414 code. ## SVR.JS 3.7.1 - +_Released in August 21, 2023_ * Fixed bug with SVR.JS hang-up check requests logged in server logs (bug occurred on upstream Node.JS v12.22.12). ## SVR.JS 3.4.21 LTS - +_Released in August 20, 2023_ * Changed descriptions of 501 and 503 errors. * Disabled open proxy in default server-side JavaScript. * Fixed NotImplementedError in "cluster" module when running SVR.JS on newer versions of Bun. @@ -371,7 +371,7 @@ _This version is unpublished and no longer available for download, because of fa * Updated svrpasswd tool. ## SVR.JS 3.7.0 - +_Released in August 20, 2023_ * Added new config.json property - disableUnusedWorkerTermination. * Added option to rewrite "dirty" URLs - rewriteDirtyURLs. * Added PBKDF2 and scrypt support for HTTP authentication. @@ -391,117 +391,117 @@ _This version is unpublished and no longer available for download, because of fa * Updated svrpasswd tool. ## SVR.JS 3.4.20 LTS - +_Released in August 4, 2023_ * Improved reliability while loading server-side JavaScript. ## SVR.JS 3.6.4 - +_Released in August 4, 2023_ * Improved reliability while loading server-side JavaScript. ## SVR.JS 3.4.19 LTS - +_Released in August 3, 2023_ * Fixed bug with directory listing generating invalid HTML with custom head containing __ tag with attributes. ## SVR.JS 3.6.3 - +_Released in August 3, 2023_ * Fixed bug with directory listing generating invalid HTML with custom head containing __ tag with attributes. ## SVR.JS 3.4.18 LTS - +_Released in August 2, 2023_ * Fixed bug with ENOTDIR error (was 500, now it's 404). * Fixed bug with forbidden path checker. ## SVR.JS 3.6.2 - +_Released in August 2, 2023_ * Fixed bug with ENOTDIR error (was 500, now it's 404). * Fixed bug with forbidden path checker. * Optimized regular expression creating function. ## SVR.JS 3.4.17 LTS - +_Released in July 28, 2023_ * Improved URL sanitizer. * Fixed bug with formidable wrapper. ## SVR.JS 3.6.1 - +_Released in July 28, 2023_ * Added support for ETags. * Added new config.json property: enableETag. * Improved URL sanitizer. * Fixed bug with formidable wrapper. ## SVR.JS 3.6.0 - +_Released in July 28, 2023_ * Optimized sanitized URL comparison function. * Expanded warning messages. * Added support for Unix sockets and Windows named pipes. * Cleaned up SVR.JS code. ## SVR.JS 3.4.16 LTS - +_Released in July 26, 2023_ * Improved URL sanitizer and mitigates security vulnerability: attacker could use "..." to traverse directories, while SVR.JS is run in Windows. * Cleaned up code. ## SVR.JS 3.5.6 - +_Released in July 26, 2023_ * Improved URL sanitizer and mitigates security vulnerability: attacker could use "..." to traverse directories, while SVR.JS is run in Windows. * Cleaned up code. ## SVR.JS 3.4.15 LTS - +_Released in July 18, 2023_ * Fixed broken URL sanitation redirect. * Improved URL sanitizer. ("%2F" now turns into "/" instead of "%252F") ## SVR.JS 3.5.5 - +_Released in July 18, 2023_ * Fixed broken URL sanitation redirect. * Improved URL sanitizer. ("%2F" now turns into "/" instead of "%252F") ## SVR.JS 3.4.14 LTS - +_Released in July 18, 2023_ * Fixed bug: SVR.JS mods now load reliably with multiple threads on startup. ## SVR.JS 3.5.4 - +_Released in July 18, 2023_ * Fixed bug: SVR.JS mods now load reliably with multiple threads on startup. ## SVR.JS 3.4.13 LTS - +_Released in July 17, 2023_ * Improved compatibility with Bun 0.9.14. * Replaced more blocking system calls with non-blocking ones. ## SVR.JS 3.5.3 - +_Released in July 17, 2023_ * Improved compatibility with Bun 0.9.14. ## SVR.JS 3.5.2 - +_Released in July 17, 2023_ * Replaced more blocking system calls with non-blocking ones. ## SVR.JS 3.5.1 - +_Released in July 16, 2023_ * Added better HTTP error handler. ## SVR.JS 3.4.12 LTS - +_Released in July 16, 2023_ * Added better HTTP error handler. ## SVR.JS 3.5.0 - +_Released in July 16, 2023_ * Dropped support for Node.JS 8.x and 9.x. * Directory listing icons now show even, if ".dirimages" directory is missing from web root. * Updated formidable module. ## SVR.JS 3.4.11 LTS - +_Released in July 16, 2023_ * Added support for Brotli compression. ## SVR.JS 3.4.10 - +_Released in July 15, 2023_ * Added OCSP module loading failure warning. * SVR.JS now displays error message, when it's run on JS runtime non-compatible with Node.JS. ## SVR.JS 3.4.9 - +_Released in July 14, 2023_ * Added new config.json option: enableOCSPStapling. * Added support for OCSP stapling. * Added new dependency: ocsp @@ -509,40 +509,40 @@ _This version is unpublished and no longer available for download, because of fa * Optimized HTTP basic authentication algorithm. ## SVR.JS 3.4.8 - +_Released in July 13, 2023_ * Added HTTP authentication brute force protection. ## SVR.JS 3.4.7 - +_Released in July 11, 2023_ * Fixed SVR.JS crashing on Node.JS 8.x and 9.x. ## SVR.JS 3.4.6 - +_Released in July 10, 2023_ * Improved reliability in loading mods, server-side JavaScript and saving configuration file. ## SVR.JS 3.4.5 - +_Released in July 9, 2023_ * Fixed bug with custom head and SVR.JS status page. ## SVR.JS 3.4.4 - +_Released in July 7, 2023_ * req.socket.realRemoteAddress and res.socket.realRemotePort are now original users remote address and port respectively. ## SVR.JS 3.4.3 - +_Released in July 7, 2023_ * Fixed bug related with saving config.json. * Disabled gzip compression for .gz files. ## SVR.JS 3.4.2 - +_Released in July 7, 2023_ * Fixed bug with regular expression non-standard HTTP status codes. ## SVR.JS 3.4.1 - +_Released in July 5, 2023_ * SVR.JS now uses 2 public IP providers: SeeIP.org and ipify. ## SVR.JS 3.4.0 - +_Released in July 4, 2023_ * autocannon is no longer included with SVR.JS. * Fixed requirement on pretty-bytes library. * Removed version field from config.json @@ -551,15 +551,15 @@ _This version is unpublished and no longer available for download, because of fa * SVR.JS no longer displays native Node.JS error message, while SVR.JS is run on read-only file system. ## SVR.JS 3.3.3 - +_Released in July 3, 2023_ * Improved reliability of loading mods and server-side JavaScript. ## SVR.JS 3.3.2 - +_Released in July 2, 2023_ * Calling callServerError or res.writeHead mutltiple times now invokes a warning instead of crashing SVR.JS. ## SVR.JS 3.3.1 - +_Released in July 1, 2023_ * Fixed bug: Logs didn't save during crash report generation. * Fixed bug: Worker crashes didn't display message about starting new workers. * Fixed bug with SVR.JS status page. @@ -568,34 +568,34 @@ _This version is unpublished and no longer available for download, because of fa * SVR.JS now uses WHATWG URL parser instead of deprecated url.parse() function. ## SVR.JS 3.3.0 - +_Released in June 29, 2023_ * SVR.JS now forks itself at startup as many times the CPU host has cores (max 16 cores). * Fixed bug and potential security vulnerability: Non-standard codes didn't work, and thus attackers could bypass HTTP authentication. ## SVR.JS 3.2.1 - +_Released in June 28, 2023_ * Optimized SVR.JS blacklist and path sanitation code. * Mitigated security vulnerability: Attacker could access directory listing of directory above web root using "/.." path. ## SVR.JS 3.2.0 - +_Released in June 28, 2023_ * Optimized SVR.JS code. * Logs from single-threaded SVR.JS now begin with "singlethread". * Cyclic links now causes server to return 508 error instead of 404 error. ## SVR.JS 3.1.2 - +_Released in June 27, 2023_ * Improved forbidden paths access control. ## SVR.JS 3.1.1 - +_Released in June 26, 2023_ * SVR.JS is now able to run on Node.JS versions without crypto. * Changed IP provider to SeeIP (used, when crypto support is available). * Added new server status metrics: CPU usage percentage, Average request rate. * Added new command: restart. ## SVR.JS 3.1.0 - +_Released in June 26, 2023_ * SVR.JS is now able to run on Node.JS versions without crypto. * Added HTTP/2 no-support indication for Bun. * Added more indication of request methods. @@ -603,20 +603,20 @@ _This version is unpublished and no longer available for download, because of fa * Updated supplied tar and minipass modules. ## SVR.JS 3.0.3 - +_Released in June 26, 2023_ * Changed public IP provider to ipify. ## SVR.JS 3.0.2 - +_Released in June 25, 2023_ * Fixed server-side JavaScript handling. ## SVR.JS 3.0.1 - +_Released in June 25, 2023_ * Improved error stack generation. * SVR.JS now serves files from directory on which script resides, unless wwwroot is specified. ## SVR.JS 3.0.0 - +_Released in June 25, 2023_ * 502 errors now logs their stacks. * Added better exception handler. * Added callServerError function for use in server-side JavaScript and mods. @@ -762,27 +762,27 @@ _This version is unpublished and no longer available for download, because of fa * Using SVR.JS as an proxy without proxy mod now returns no-proxy message. ## SVR.JS 2.1.4 - +_Released in June 18, 2023_ * Fixed security vulnerability: Attacker could used encoded characters to bypass access restrictions. (fix backported from SVR.JS 3.0.0-beta19) * Fixed access control bypass vulnerability, when server is run in Windows (fix backported from SVR.JS 3.0.0-beta19) ## SVR.JS 2.1.3 - +_Released in May 13, 2023_ * Added new config.json properties: exposeServerVersion and stackHidden (backported from SVR.JS 3.0.0-beta1) * Fixed path traversal vulnerability (fix backported from SVR.JS 3.0.0-beta1) * Fixed access control bypass vulnerability, when server is run in Windows (fix backported from SVR.JS 3.0.0-beta1) * Fixed server crash on malformed URL (fix backported from SVR.JS 3.0.0-beta1) ## SVR.JS 2.1.2 - +_Released in August 23, 2020_ * Methods other than "POST", "GET", "OPTIONS" and "HEAD" are allowed. ## SVR.JS 2.1.1 - +_Released in August 23, 2020_ * Fixed security vulnerability using directory listing to access secret files. ## SVR.JS 2.1.0 - +_Released in August 22, 2020_ * Added new property of config.json "enableDirectoryListingWithDefaultHead". * Added personalization of directory listing. * Added compability with Node.JS v8.10.0 @@ -793,7 +793,7 @@ _This version is unpublished and no longer available for download, because of fa * Deleted analytics inside SVR.JS - those analytics are now in seperate mod, of which SVR.JS comes with it. ## SVR.JS 2.0.0 - +_Released in August 21, 2020_ * Added support for .tar.gz mods and server side Javascript in .JS file. * Moved directory listing icons to seperate directory. * Replaced ASCII Art. @@ -811,17 +811,17 @@ _This version is unpublished and no longer available for download, because of fa * Deleted "getip" command. ## SVR.JS 1.2.2 - +_Released in August 16, 2020_ * Fixed bug, which caused mojibake in Unicode files. * Fixed bug, which caused SVR.JS to require SSL certificate, even if HTTPS mode is disabled. * Fixed bug, which caused SVR.JS to crash, if no mods are loaded. * Fixed bug, which caused SVR.JS to display blank directory, if URL is with query. ## SVR.JS 1.2.1 - +_Released in August 14, 2020_ * Fixed bug, which caused SVR.JS in Ubuntu to not work * Added platform showing ## SVR.JS 1.2.0 - +_Released in August 5, 2020_ * First released version of SVR.JS diff --git a/source/easy-waf-integration-changelog.md b/source/easy-waf-integration-changelog.md index 915b23f..c7595ba 100644 --- a/source/easy-waf-integration-changelog.md +++ b/source/easy-waf-integration-changelog.md @@ -4,35 +4,35 @@ date: 2024-01-29 22:33:27 --- ## easy-waf integration 1.2.4 - +_Released in February 14, 2024_ * easy-waf integration now waits for specific length of the request instead of immediately processing it. * Added configurable strict request size limit. * easy-waf integration now reverts the _req.body_ variable after inspecting the request body via easy-waf. ## easy-waf integration 1.2.3 - +_Released in February 4, 2024_ * Full request URL is now visible in the notification email. ## easy-waf integration 1.2.2 - +_Released in January 22, 2024_ * Some WAF errors now result in 500 errors instead of crashing the server. ## easy-waf integration 1.2.1 - +_Released in October 11, 2023_ * Improved the error handling of code executed behind the WAF. ## easy-waf integration 1.2.0 - +_Released in August 30, 2023_ * Added email notifiaction support * Added custom hooks support ## easy-waf integration 1.1.2 - +_Released in July 30, 2023_ * Stability fixes * Added support for _config.json_ file in the SVR.JS installation directory ## easy-waf integration 1.1.1 - +_Released in July 30, 2023_ * Added support for regex strings (like in SVR.JS) ## Earlier versions diff --git a/source/forward-proxy-mod-changelog.md b/source/forward-proxy-mod-changelog.md index fc9f7ce..26f1d65 100644 --- a/source/forward-proxy-mod-changelog.md +++ b/source/forward-proxy-mod-changelog.md @@ -4,5 +4,5 @@ date: 2024-04-14 17:19:46 --- ## forward-proxy-mod 1.0.0 - +_Released in April 14, 2024_ * First forward-proxy-mod release. diff --git a/source/greenrhombus-changelog.md b/source/greenrhombus-changelog.md index bf6a444..3cc1c3e 100644 --- a/source/greenrhombus-changelog.md +++ b/source/greenrhombus-changelog.md @@ -4,33 +4,33 @@ date: 2024-02-16 20:10:14 --- ## GreenRhombus 1.0.7 - +_Released in May 3, 2024_ * Fixed mojibake in response, when SVR.JS is running on Bun ## GreenRhombus 1.0.6 - +_Released in May 1, 2024_ * Fixed FastCGI connections not closing properly, when SVR.JS is running on Bun ## GreenRhombus 1.0.5 - +_Released in April 24, 2024_ * Responses are no longer swapped with each other. ## GreenRhombus 1.0.4 - +_Released in February 22, 2024_ * Requests are no longer intermittently dropped under load. ## GreenRhombus 1.0.3 - +_Released in February 21, 2024_ * Prevented "write after end" SVR.JS crashes. ## GreenRhombus 1.0.2 - +_Released in February 20, 2024_ * Prevented SVR.JS crashes due to the EOF of the _stderr_ stream. ## GreenRhombus 1.0.1 - +_Released in February 18, 2024_ * Overloaded FastCGI server now results in 429 Too Many Requests status code. ## GreenRhombus 1.0.0 - +_Released in February 16, 2024_ * First release diff --git a/source/orangecircle-changelog.md b/source/orangecircle-changelog.md index 44159a8..fc9cc96 100644 --- a/source/orangecircle-changelog.md +++ b/source/orangecircle-changelog.md @@ -4,61 +4,61 @@ date: 2024-01-29 20:21:43 --- ## OrangeCircle 1.2.1 - +_Released in May 3, 2024_ * Fixed mojibake in response, when SVR.JS is running on Bun ## OrangeCircle 1.2.0 - +_Released in February 16, 2024_ * Reduced buffer memory leaks. * Improved performace by using streams after the header processing. * Prevented server crashes caused by header write errors ## OrangeCircle 1.1.3 - +_Released in February 11, 2024_ * All responses with Location header are now 3xx redirects. ## OrangeCircle 1.1.2 - +_Released in February 7, 2024_ * OrangeCircle no longer sets *AUTH_TYPE* and *REMOTE_USER* environment variables, when 401 code is not specified in SVR.JS configuration. ## OrangeCircle 1.1.1 - +_Released in January 29, 2024_ * Fixed bug with URLs containing URL-encoded characters. ## OrangeCircle 1.1.0 - +_Released in December 31, 2023_ * Removed "DorianTech" from _mod.info_ file. * OrangeCircle no longer crashes when broken SVR.JS config is loaded. * Changed error handling. ## OrangeCircle 1.0.7 - +_Released in September 15, 2023_ * Fixed OrangeCircle not working in external web root setups. ## OrangeCircle 1.0.6 - +_Released in September 3, 2023_ * Fixed bug with *REMOTE_PORT* environment variable. ## OrangeCircle 1.0.5 - +_Released in August 27, 2023_ * Added support for *SERVER_ADMIN* environment variable. ## OrangeCircle 1.0.4 - +_Released in August 26, 2023_ * Added support for "\n\r" line endings in CGI response. ## OrangeCircle 1.0.3 - +_Released in August 21, 2023_ * Added _HTTPS_ environment variable support. ## OrangeCircle 1.0.2 - +_Released in August 14, 2023_ * Mitigated configuration file leakage vulnerability in Windows. ## OrangeCircle 1.0.1 - +_Released in August 12, 2023_ * Improved the error handling. ## OrangeCircle 1.0.0 - +_Released in August 11, 2023_ * First OrangeCircle release. diff --git a/source/redbrick-changelog.md b/source/redbrick-changelog.md index 4fa1822..9d9e6a8 100644 --- a/source/redbrick-changelog.md +++ b/source/redbrick-changelog.md @@ -4,48 +4,48 @@ date: 2024-01-29 20:21:43 --- ## RedBrick 2.6.2 - +_Released in May 3, 2024_ * Fixed mojibake in response, when SVR.JS is running on Bun ## RedBrick 2.6.1 - +_Released in March 29, 2024_ * Fixed "write after end" crashes. ## RedBrick 2.6.0 - +_Released in February 16, 2024_ * Reduced buffer memory leaks. * Improved performace by using streams after the header processing. * Prevented server crashes caused by header write errors * Added _stderr_ logging. ## RedBrick 2.5.6 - +_Released in February 15, 2024_ * Fixed bug with URLs containing "cgi-bin" that don't refer to "cgi-bin" directory in the web root. ## RedBrick 2.5.5 - +_Released in February 11, 2024_ * All responses with Location header are now 3xx redirects. ## RedBrick 2.5.4 - +_Released in February 7, 2024_ * RedBrick no longer sets *AUTH_TYPE* and *REMOTE_USER* environment variables, when 401 code is not specified in SVR.JS configuration. ## RedBrick 2.5.3 - +_Released in January 29, 2024_ * Fixed bug with URLs containing URL-encoded characters. ## RedBrick 2.5.2 - +_Released in December 31, 2023_ * Removed "DorianTech" from _mod.info_ file. * RedBrick no longer crashes when broken SVR.JS config is loaded. ## RedBrick 2.5.1 - +_Released in December 3, 2023_ * Fixed bug with too long URLs causing server to not respond. * Added support for _exposeModsInErrorPages_ _config.json_ property. ## RedBrick 2.5.0 - +_Released in November 23, 2023_ * Added support for CGI execution outside the _cgi-bin_ directory. * Fixed "broken access control" (it hid configuration files, but it returned 200 OK instead of 403 Forbidden) * Changed error handling. @@ -54,58 +54,58 @@ date: 2024-01-29 20:21:43 * Dropped _.cmd_ default prefix. ## RedBrick 2.4.3 - +_Released in September 15, 2023_ * Fixed RedBrick not working in external web root setups. ## RedBrick 2.4.2 - +_Released in September 3, 2023_ * Fixed bug with *REMOTE_PORT* environment variable. ## RedBrick 2.4.1 - +_Released in August 30, 2023_ * Improved CGI response parser. * Narrowed down conditions for CGI execution for security reasons. ## RedBrick 2.4.0 - +_Released in August 27, 2023_ * Added support for *SERVER_ADMIN* environment variable. * Improved the CGI program preparation and startup. ## RedBrick 2.3.6 - +_Released in August 26, 2023_ * Fixed RedBrick not working in Windows. ## RedBrick 2.3.5 - +_Released in August 21, 2023_ * Added support for "\n\r" line endings in CGI response. ## RedBrick 2.3.4 - +_Released in August 19, 2023_ * Added _index.cgi_ file support. * Added _HTTPS_ environment variable support. ## RedBrick 2.3.3 - +_Released in August 14, 2023_ * Mitigated source code leakage (through using "CGI-BIN" instead of "cgi-bin") in Windows ## RedBrick 2.3.2 - +_Released in August 10, 2023_ * Fixed _redbrick-interpreters.json_ file loading. ## RedBrick 2.3.1 - +_Released in August 2, 2023_ * The *REQUEST_URI* environment variable now includes rewritten URLs. ## RedBrick 2.3.0 - +_Released in August 2, 2023_ * Made it work with PHP-CGI ## RedBrick 2.2.0 - +_Released in August 2, 2023_ * Replaced some blocking calls with non-blocking ones. ## RedBrick 2.1.1 - +_Released in July 30, 2023_ * Mitigated configuration file leakage (_redbrick-interpreters.json_ file). ## Earlier versions diff --git a/source/reverse-proxy-mod-changelog.md b/source/reverse-proxy-mod-changelog.md index da635f5..5139020 100644 --- a/source/reverse-proxy-mod-changelog.md +++ b/source/reverse-proxy-mod-changelog.md @@ -4,32 +4,32 @@ date: 2024-01-29 20:52:59 --- ## reverse-proxy-mod 1.1.4 - +_Released in April 19, 2024_ * Fix path-based reverse proxy request URLs ## reverse-proxy-mod 1.1.3 - +_Released in December 31, 2023_ * Fixed bug with wildcard in domain name selectors. ## reverse-proxy-mod 1.1.2 - +_Released in September 4, 2023_ * Fixed server crashes with invalid HTTP/2 status codes. ## reverse-proxy-mod 1.1.1 - +_Released in September 1, 2023_ * Add support for reverse proxy paths. ## reverse-proxy-mod 1.1.0 - +_Released in August 26, 2023_ * Add support for HTTP upgrades. ## reverse-proxy-mod 1.0.4 - +_Released in August 15, 2023_ * Improved the error handling. * Mitigated configuration file leakage vulnerability. ## reverse-proxy-mod 1.0.3 - +_Released in August 3, 2023_ * Reverse proxies with this mod no longer establish keep alive connections, instead establishing connections with _Response_ header set to _Close_ in upstream servers. ## Earlier versions diff --git a/source/yellowsquare-changelog.md b/source/yellowsquare-changelog.md index be6c2e4..d5fdc58 100644 --- a/source/yellowsquare-changelog.md +++ b/source/yellowsquare-changelog.md @@ -4,35 +4,35 @@ date: 2024-01-29 20:21:43 --- ## YellowSquare 1.1.3 - +_Released in February 15, 2024_ * Fixed bug with URLs containing "jsgi-bin" that don't refer to "jsgi-bin" directory in the web root. ## YellowSquare 1.1.2 - +_Released in February 7, 2024_ * YellowSquare no longer sets _authType_ and _remoteUser_ JSGI properties, when 401 code is not specified in SVR.JS configuration. ## YellowSquare 1.1.1 - +_Released in January 29, 2024_ * Fixed bug with URLs containing URL-encoded characters. ## YellowSquare 1.1.0 - +_Released in December 31, 2023_ * Removed "DorianTech" from _mod.info_ file. * YellowSquare no longer crashes when broken SVR.JS config is loaded. * Changed error handling. ## YellowSquare 1.0.3 - +_Released in September 15, 2023_ * Fixed YellowSquare not working in external web root setups. ## YellowSquare 1.0.2 - +_Released in September 3, 2023_ * Fixed bug with _remotePort_ property. ## YellowSquare 1.0.1 - +_Released in August 14, 2023_ * Mitigated source code leakage (through using "JSGI-BIN" instead of "jsgi-bin") in Windows ## YellowSquare 1.0.0 - +_Released in August 11, 2023_ * First YellowSquare release.