releases.txt

# Custom Release File Format
#
# - Lines starting with '#' are comments.
# - Releases are listed in descending order, with the latest release first.
# - Each release follows this structure:
#
#   =--- release-name ---=
#   Release description
#   Can span multiple lines
#   =--- END ---=
#
# Details:
# - release-name: the name of the release
# - Release description: detailed information about the release
# - =--- END ---=: marks the end of the release 

=--- v1.11 ---=
### What changed
- Added `BIND_ADDRESS` config option to set which network interface the server listens on (Default: `0.0.0.0`).
- The startup log now shows the full bind address and port (e.g. `Listening on 0.0.0.0:8080`).
- Error messages are now printed to `STDERR`.
- Fixed a bug where the simultaneous connection counter could overflow after 255 connections.
=--- END ---=

=--- v1.10 ---=
### What changed
- Added `AUTH_REALM` config option to set a custom realm for Basic Authentication (Default: `None`).
- Added `USE_X_REAL_IP` config option to log the real client IP from the `X-Real-Ip` header when running behind a reverse proxy (Default: `false`).
- Added a missing validation for the `errordoc_401` setting.
=--- END ---=

=--- v1.9 ---=
### What changed
- Added persistent request logging to file in Apache HTTP Server combined log format (CLFE), including client IP, timestamp, request line, status code, response size, referer, and user-agent.
- Added `LOG_FILE` config option to specify a custom log file path (default: logs to STDOUT).
- The install script now creates `/var/log/nasmserver`.
- Requests now parse and log `User-Agent` and `Referer` headers for richer analytics.
- If the log file cannot be opened, a warning is logged and STDOUT is used as a fallback.

New log format:
```
127.0.0.1 - - [25/Mar/2026:16:47:06 +0100] "GET / HTTP/1.0" 200 3501 "-" "NASM-Client/1.0"
```
=--- END ---=

=--- v1.8 ---=
### What changed
- Added `If-Modified-Since` support: conditional GET requests now return `304 Not Modified` when appropriate.
- CI/CD now tracks binary size and syscall stats for releases (see below).
=--- END ---=

=--- v1.7 ---=
### What changed
- Added `SERVE_DOTS` config option to control whether dotfiles and dotfolders are served (default: `false`, they are blocked)
- Directories with no index file now return `403 Forbidden` instead of `404 Not Found`
- Responses now include a `Content-Encoding: identity` header when serving files
- Responses now include a `Pragma: no-cache` header when `MAX_AGE` is set to `0`
=--- END ---=

=--- v1.6 ---=
### What changed
- Added `HEAD` request support: clients can now request headers only without downloading the file body
- Responses now include a `Last-Modified:` header with the file's last change time
- Responses now include `Accept-Ranges: none`, explicitly warning that partial/range downloads are not supported
- `405 Method Not Allowed` responses now include an `Allow:` header listing supported methods, as required by the HTTP spec
=--- END ---=

=--- v1.5 ---=
### What changed
- Added `MAX_AGE` config option to control how long browsers cache files (default: 600 seconds)
- Responses now include a `Date:` header
- Max simultaneous connections (`MAX_REQUESTS`) raised from 255 to 65535
- Added benchmarking to release notes
=--- END ---=

=--- v1.4 ---=
### What changed
- Added Basic Authentication support: you can now set `AUTH_USER` and `AUTH_PASSWORD` in your config file to password-protect your server
- Added custom error page support for 401 Unauthorized

> [!CAUTION]
> The password is sent in Base64, which is easily readable by an attacker.  
> To protect your login data, consider enabling HTTPS with a reverse proxy or a cloudflare tunnel.
=--- END ---=

=--- v1.3 ---=
### What changed
- Requests and file paths now support longer inputs, so fewer unexpected 404s or truncated responses on complex URLs
- All configurations string values are capped to 128 characters
- Added an `install` script to both x64 and aarch64 bundles. Run `sudo ./install` to set up NASMServer system-wide (installs to `/opt/nasmserver`, web root at `/var/www/nasmserver`)
- The install script can also be used to update an existing installation without overwriting your config
=--- END ---=

=--- v1.2-rev.1 ---=
### What changed
**rev.1**
- x64 and aarch64 bundles are automatically prebuilt and uploaded to release assets


**v1.2**
- Default port changed from `80` to `8080`
- Added `-e <path>` flag to specify a config file (replaces passing it as a plain argument)
- Added `-h` flag to print usage information
- Added `-v` flag to print the server version
- Passing an unrecognized argument now prints a helpful error instead of silently ignoring it
=--- END ---=

=--- v1.2 ---=
### What changed
- Default port changed from `80` to `8080`
- Added `-e <path>` flag to specify a config file (replaces passing it as a plain argument)
- Added `-h` flag to print usage information
- Added `-v` flag to print the server version
- Passing an unrecognized argument now prints a helpful error instead of silently ignoring it
=--- END ---=

=--- v1.1 ---=
### What changed
- `?queries` are being dropped from request paths (e.g. `/page?hey=yo` is threated as `/page`). Since this is a static file server, they are never processed and would previously cause file requests to 404.
- Default server name updated to `NASMServer/1.1`
=--- END ---=

=--- v1.0 ---=
### What changed
- Static file serving from a configurable document root
- MIME type detection (70+ types)
- Per-request `fork()`-based concurrency with a configurable cap (`MAX_REQUESTS`)
- Custom error pages for 400, 403, 404, and 405
- `.env`-based configuration with defaults for all keys
- Path traversal protection (`..` detection)
- Directory requests automatically resolve to the configured index file
- Startup validation (document root existence/permissions, errordoc paths, port privileges)
- Request logging with client IP, path, and status code
=--- END ---=