Merge pull request #3030 from bunkerity/dev

Merge branch "dev" into branch "staging"

Author: TheophileDiot

.github/workflows/codeql.yml

@@ -36,12 +36,12 @@ jobs:
           python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
           echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           languages: ${{ matrix.language }}
           config-file: ./.github/codeql.yml
           setup-python-dependencies: false
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/container-build.yml

@@ -76,10 +76,10 @@ jobs:
           SSH_IP: ${{ secrets.ARM_SSH_IP }}
           SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
       - name: Setup Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
         if: startsWith(inputs.CACHE_SUFFIX, 'arm') == false
       - name: Setup Buildx (ARM)
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
         if: startsWith(inputs.CACHE_SUFFIX, 'arm')
         with:
           endpoint: ssh://root@arm

.github/workflows/dev-update-mmdb.yml

@@ -52,7 +52,7 @@ jobs:
           rm -f asn.mmdb country.mmdb
           gunzip asn.mmdb.gz country.mmdb.gz
       - name: Commit and push changes
-        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
         with:
           branch: dev
           commit_message: "Monthly mmdb update"

.github/workflows/linux-build.yml

@@ -85,10 +85,10 @@ jobs:
           SSH_IP: ${{ secrets.ARM_SSH_IP }}
           SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
       - name: Setup Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
         if: startsWith(env.ARCH, 'arm') == false
       - name: Setup Buildx (ARM)
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
         if: startsWith(env.ARCH, 'arm') == true
         with:
           endpoint: ssh://root@arm

.github/workflows/push-docker.yml

@@ -68,11 +68,17 @@ jobs:
           SSH_IP: ${{ secrets.ARM_SSH_IP }}
           SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
       - name: Setup Buildx (ARM)
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
         with:
           endpoint: ssh://root@arm
           platforms: linux/arm64,linux/arm/v7
           buildkitd-flags: --debug
+      # Sanitize tags (replace ~ with - for valid Docker/GHCR tag names)
+      - name: Sanitize tags
+        id: sanitize
+        run: |
+          TAGS="${{ inputs.TAGS }}"
+          echo "tags=${TAGS//\~/-}" >> "$GITHUB_OUTPUT"
       # Compute metadata
       - name: Extract metadata
         id: meta
@@ -87,7 +93,7 @@ jobs:
           file: ${{ inputs.DOCKERFILE }}
           platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
           push: true
-          tags: ${{ inputs.TAGS }}
+          tags: ${{ steps.sanitize.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: |
             type=registry,ref=docker.io/bunkerity/bw-images-cache:${{ inputs.CACHE_FROM }}-amd64

.github/workflows/push-github.yml

@@ -27,21 +27,27 @@ jobs:
         uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
+      # Sanitize version (replace ~ with - for valid Git tag names)
+      - name: Sanitize version
+        id: sanitize
+        run: |
+          VERSION="${{ inputs.VERSION }}"
+          echo "version=${VERSION//\~/-}" >> "$GITHUB_OUTPUT"
       # Create tag
       - uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
         name: Create tag
         if: inputs.VERSION != 'testing'
         with:
-          tag: "v${{ inputs.VERSION }}"
-          message: "v${{ inputs.VERSION }}"
+          tag: "v${{ steps.sanitize.outputs.version }}"
+          message: "v${{ steps.sanitize.outputs.version }}"
           force_push_tag: true
       # Create tag
       - uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
         name: Create tag
         if: inputs.VERSION == 'testing'
         with:
-          tag: "${{ inputs.VERSION }}"
-          message: "${{ inputs.VERSION }}"
+          tag: "${{ steps.sanitize.outputs.version }}"
+          message: "${{ steps.sanitize.outputs.version }}"
           force_push_tag: true
       # Extract and preserve changelog formatting
       - name: Extract changelog
@@ -119,8 +125,8 @@ jobs:
             ${{ env.DECODED_CHANGELOG }}
           draft: true
           prerelease: ${{ inputs.PRERELEASE }}
-          name: v${{ inputs.VERSION }}
-          tag_name: v${{ inputs.VERSION }}
+          name: v${{ steps.sanitize.outputs.version }}
+          tag_name: v${{ steps.sanitize.outputs.version }}
           discussion_category_name: Announcements
           files: |
             BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
@@ -148,7 +154,7 @@ jobs:
           draft: false
           prerelease: ${{ inputs.PRERELEASE }}
           name: Testing
-          tag_name: ${{ inputs.VERSION }}
+          tag_name: ${{ steps.sanitize.outputs.version }}
           files: |
             misc/install-bunkerweb.sh
             misc/install-bunkerweb.sh.sha256

.github/workflows/push-packagecloud.yml

@@ -42,7 +42,7 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Install ruby
-        uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
+        uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0
         with:
           ruby-version: "3.0"
       - name: Install packagecloud

.github/workflows/scorecards-analysis.yml

@@ -25,6 +25,6 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -1,6 +1,13 @@
 # Changelog
 
-## v1.6.7~rc1 - ????/??/??
+## v1.6.7~rc2 - 2026/01/??
+
+- [BUGFIX] Fix wrong certificate name checks in Let's Encrypt
+- [LINUX] Updated NGINX version to v1.28.1 for Fedora 42 and 43 integration
+- [ALL-IN-ONE] Update CrowdSec version to 1.7.4
+- [DEPS] Updated luajit2 version to v2.1-20251229
+
+## v1.6.7~rc1 - 2025/12/17
 
 - [FEATURE] Refactor logging setup across multiple modules to be able to send logs to a syslog server and have multiple handlers at the same time
 - [FEATURE] Allow configuration of whether Base64 decoding should be applied to DNS credentials via the new `LETS_ENCRYPT_DNS_CREDENTIAL_DECODE_BASE64` setting in the `Let's Encrypt` plugin (default is `yes`)
@@ -28,6 +35,7 @@
 - [DOCS] Update database compatibility matrix
 - [DOCS] Refactor API documentation to include new API features and improve clarity
 - [DOCS] Add documentation about the new "Custom Pages" PRO plugin
+- [DOCS] Refactor web UI documentation to improve clarity
 - [DEPS] Update lua-resty-session version to v4.1.5
 - [DEPS] Update coreruleset-v4 version to v4.21.0
 - [DEPS] Updated zlib version to v1.3.1.2

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-	<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/misc/logo.png" height=100 width=350 />
+	<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/misc/logo.png" height=100 width=350 />
 </p>
 
 <p align="center">
@@ -30,7 +30,7 @@
 	 &#124;
 	🧩 <a href="https://github.com/bunkerity/bunkerweb-templates">Templates</a>
 	 &#124;
-	🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/examples">Examples</a>
+	🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/examples">Examples</a>
 	<br/>
 	💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
 	 &#124;
@@ -48,7 +48,7 @@
 # BunkerWeb
 
 <p align="center">
-	<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/intro-overview.svg" />
+	<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/intro-overview.svg" />
 </p>
 
 BunkerWeb is a next-generation, open-source Web Application Firewall (WAF).
@@ -156,7 +156,7 @@ Community and social networks:
 # Concepts
 
 <p align="center">
-	<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/concepts.svg" />
+	<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/concepts.svg" />
 </p>
 
 You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.6.7~rc1/concepts/?utm_campaign=self&utm_source=github).
@@ -211,7 +211,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall:
 ## Database
 
 <p align="center">
-	<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/bunkerweb_db.svg" />
+	<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/bunkerweb_db.svg" />
 </p>
 
 The state of the current configuration of BunkerWeb is stored in a backend database which contains the following data:
@@ -240,7 +240,7 @@ In other words, the scheduler is the brain of BunkerWeb.
 <!--## BunkerWeb Cloud
 
 <p align="center">
-	<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/bunkerweb-cloud.webp" />
+	<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/bunkerweb-cloud.webp" />
 </p>
 
 BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of it like a BunkerWeb-as-a-Service!
@@ -250,7 +250,7 @@ You will find more information about BunkerWeb Cloud beta [here](https://www.bun
 ## Linux
 
 <p align="center">
-	<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-linux.svg" />
+	<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-linux.svg" />
 </p>
 
 List of supported Linux distros:
@@ -270,7 +270,7 @@ You will find more information in the [Linux section](https://docs.bunkerweb.io/
 ## Docker
 
 <p align="center">
-	<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-docker.svg" />
+	<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-docker.svg" />
 </p>
 
 We provide ready-to-use prebuilt images for x64, x86, armv7, and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@@ -286,7 +286,7 @@ You will find more information in the [Docker integration section](https://docs.
 ## Docker autoconf
 
 <p align="center">
-	<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-autoconf.svg" />
+	<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-autoconf.svg" />
 </p>
 
 The downside of using environment variables is that the container needs to be recreated each time there is an update, which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
@@ -298,7 +298,7 @@ You will find more information in the [Docker autoconf section](https://docs.bun
 ## Kubernetes
 
 <p align="center">
-	<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-kubernetes.svg" />
+	<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-kubernetes.svg" />
 </p>
 
 The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
@@ -310,17 +310,17 @@ You will find more information in the [Kubernetes section](https://docs.bunkerwe
 ## Microsoft Azure
 
 <p align="center">
-	<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-azure.webp" />
+	<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-azure.webp" />
 </p>
 
-BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and an ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/misc/integrations/azure-arm-template.json).
+BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and an ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/misc/integrations/azure-arm-template.json).
 
 You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.6.7~rc1/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
 
 ## Swarm
 
 <p align="center">
-	<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/docs/assets/img/integration-swarm.svg" />
+	<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/docs/assets/img/integration-swarm.svg" />
 </p>
 
 To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
@@ -401,7 +401,7 @@ BunkerWeb UI supports multiple languages. Translations are managed in the `src/u
 - Italian (it)
 - Turkish (tr)
 
-See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/src/ui/app/static/locales/README.md) for details on translation provenance and review status.
+See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/src/ui/app/static/locales/README.md) for details on translation provenance and review status.
 
 ## Contributing Translations
 
@@ -417,7 +417,7 @@ We welcome contributions to improve or add new locale files!
 
 For updates, edit the relevant file and update the provenance table as needed.
 
-See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/src/ui/app/static/locales/README.md) for full guidelines.
+See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/src/ui/app/static/locales/README.md) for full guidelines.
 
 # Support
 
@@ -440,15 +440,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
 
 # License
 
-This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/LICENSE.md).
+This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/LICENSE.md).
 
 # Contribute
 
-If you would like to contribute to the plugins, you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/CONTRIBUTING.md) to get started.
+If you would like to contribute to the plugins, you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/CONTRIBUTING.md) to get started.
 
 # Security policy
 
-We take security bugs as serious issues and encourage responsible disclosure; see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.7~rc1/SECURITY.md) for more information.
+We take security bugs as serious issues and encourage responsible disclosure; see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.7-rc1/SECURITY.md) for more information.
 
 # Star History