Subject: CVS commit: pkgsrc/www/caddy
From: Benny Siegert
Date: 2021-06-27 12:01:49
Message id:

Log Message:
Update caddy to 2.4.3.


A bug fix for the bug fix, and a couple other bug fixes, including one security
fix for PHP sites. We think all users should upgrade after giving it a whirl in
their test environments. Please note some changes in this patch:

  * In reverse_proxy, the max_idle_conns_per_host option has been removed
    (both Caddyfile and JSON). This may be a breaking change for a few of you,
    but it only breaks configs that relied on a bug. Instead of silently
    failing, you will get an error if you continue using the property. For
    Caddyfile, we basically renamed the property to
    keepalive_idle_conns_per_host. In JSON, we simply removed the property, and
    you should instead set keep_alive/max_idle_conns_per_host if you weren't
    already. Previously, the Caddyfile subdirective set both MaxConnsPerHost
    and MaxIdleConnsPerHost, which was confusing; and the JSON properties
    overwrote each other, so one was removed.
  * Security patch in the FastCGI transport that now sanitizes paths against
    directory traversal outside the site root.
  * Fix canonicalization redirects in file_server. v2.4.2 introduced a bugfix
    for these redirects when used inside handle_path (i.e. rewriting
    the path by stripping a prefix), but caused a regression for many other use
    cases. This release includes a proper fix for all known, tested cases.
    Basically: these redirects are not issued if the filename of a path was
    rewritten internally.


A few enhancements and bug fixes. Thanks to all who contributed to this