release: v0.2.34

Fix documentation errors, typos, and CI/CD workflow inconsistency.

Author: dvershinin

.github/workflows/pythonpublish.yml

@@ -2,7 +2,7 @@ name: Upload Python Package
 
 on:
   release:
-    types: [created]
+    types: [published]
 
 jobs:
   deploy:

CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.34] - 2026-02-12
+
+### Fixed
+- **Documentation**: Fixed malformed Docker command in README and documentation (missing space before `nginx:alpine`).
+- **Documentation**: Updated outdated `/plugins/` paths to `/checks/` with kebab-case naming across all README and doc index files.
+- **Documentation**: Added missing `status_page_exposed` check to the Access Control section in English documentation index.
+- **CI/CD**: Changed PyPI publish workflow trigger from `release: created` to `release: published` for consistency with Docker publish workflow.
+- **Code**: Fixed double period typo in `gixy/core/variable.py` docstring.
+
 ## [0.2.33] - 2026-02-09
 
 ### Fixed

README.RU.md

@@ -18,14 +18,14 @@ Gixy — это утилита для анализа конфигурации Ng
 # Что умеет
 На текущий момент Gixy способна обнаружить:
 
-*   [[ssrf] Server Side Request Forgery](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/ssrf.md)
-*   [[http_splitting] HTTP Splitting](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/httpsplitting.md)
-*   [[origins] Проблемы валидации referrer/origin](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/origins.md)
-*   [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/addheaderredefinition.md)
-*   [[host_spoofing] Подделка заголовка запроса Host](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/hostspoofing.md)
-*   [[valid_referrers] none in valid_referrers](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/validreferers.md)
-*   [[add_header_multiline] Многострочные заголовки ответа](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/addheadermultiline.md)
-*   [[alias_traversal] Path traversal при использовании alias](https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/aliastraversal.md)
+*   [[ssrf] Server Side Request Forgery](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/ssrf.md)
+*   [[http_splitting] HTTP Splitting](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/http-splitting.md)
+*   [[origins] Проблемы валидации referrer/origin](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/origins.md)
+*   [[add_header_redefinition] Переопределение "вышестоящих" заголовков ответа директивой "add_header"](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/add-header-redefinition.md)
+*   [[host_spoofing] Подделка заголовка запроса Host](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/host-spoofing.md)
+*   [[valid_referrers] none in valid_referrers](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/valid-referers.md)
+*   [[add_header_multiline] Многострочные заголовки ответа](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/add-header-multiline.md)
+*   [[alias_traversal] Path traversal при использовании alias](https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/alias-traversal.md)
 
 Проблемы, которым Gixy только учится, можно найти в [Issues с меткой "new plugin"](https://github.com/dvershinin/gixy/issues?q=is%3Aissue+is%3Aopen+label%3A%22new+plugin%22)
 

README.md

@@ -97,7 +97,7 @@ $ gixy /etc/nginx/nginx.conf
 
 Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
 Description: Using variables that can contain "\n" may lead to http injection.
-Additional info: https://github.com/dvershinin/gixy/blob/master/docs/en/plugins/httpsplitting.md
+Additional info: https://github.com/dvershinin/gixy/blob/master/docs/en/checks/http-splitting.md
 Reason: At least variable "$action" can contain "\n"
 Pseudo config:
 include /etc/nginx/sites/default.conf;
@@ -206,8 +206,8 @@ $ docker run --rm -v `pwd`/nginx.conf:/etc/nginx/conf/nginx.conf getpagespeed/gi
 If you have an image that already contains your nginx configuration, you can share the configuration
 with the Gixy container as a volume.
 ```
-$  docker run --rm --name nginx -d -v /etc/nginx
-nginx:alpinef68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
+$  docker run --rm --name nginx -d -v /etc/nginx nginx:alpine
+f68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
 
 $  docker run --rm --volumes-from nginx dvershinin/gixy /etc/nginx/nginx.conf
 

docs/en/index.md

@@ -57,6 +57,7 @@ Gixy can find various NGINX configuration security issues, as well as NGINX conf
 *   [none in valid_referers](checks/valid-referers.md)
 *   [Allow Specified Without Deny](checks/allow-without-deny.md)
 *   [Return Bypasses allow/deny](checks/return-bypasses-allow-deny.md)
+*   [Status Page Exposed](checks/status-page-exposed.md)
 
 ### Configuration Best Practices
 
@@ -116,7 +117,7 @@ $ gixy /etc/nginx/nginx.conf
 
 Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
 Description: Using variables that can contain "\n" may lead to http injection.
-Additional info: https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/httpsplitting.md
+Additional info: https://github.com/dvershinin/gixy/blob/master/docs/en/checks/http-splitting.md
 Reason: At least variable "$action" can contain "\n"
 Pseudo config:
 include /etc/nginx/sites/default.conf;
@@ -170,8 +171,8 @@ $ docker run --rm -v `pwd`/nginx.conf:/etc/nginx/conf/nginx.conf getpagespeed/gi
 If you have an image that already contains your nginx configuration, you can share the configuration
 with the Gixy container as a volume.
 ```
-$  docker run --rm --name nginx -d -v /etc/nginx
-nginx:alpinef68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
+$  docker run --rm --name nginx -d -v /etc/nginx nginx:alpine
+f68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
 
 $  docker run --rm --volumes-from nginx dvershinin/gixy /etc/nginx/nginx.conf
 

docs/ru/index.md

@@ -85,7 +85,7 @@ $ gixy /etc/nginx/nginx.conf
 
 Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
 Description: Using variables that can contain "\n" may lead to http injection.
-Additional info: https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/httpsplitting.md
+Additional info: https://github.com/dvershinin/gixy/blob/master/docs/ru/checks/http-splitting.md
 Reason: At least variable "$action" can contain "\n"
 Pseudo config:
 include /etc/nginx/sites/default.conf;
@@ -138,8 +138,8 @@ $ docker run --rm -v `pwd`/nginx.conf:/etc/nginx/conf/nginx.conf getpagespeed/gi
 
 Если у вас уже есть образ с конфигурацией Nginx, можно примонтировать её во второй контейнер:
 ```
-$  docker run --rm --name nginx -d -v /etc/nginx
-nginx:alpinef68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
+$  docker run --rm --name nginx -d -v /etc/nginx nginx:alpine
+f68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
 
 $  docker run --rm --volumes-from nginx dvershinin/gixy /etc/nginx/nginx.conf
 

docs/zh/index.md

@@ -79,7 +79,7 @@ $ gixy /etc/nginx/nginx.conf
 
 Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
 Description: Using variables that can contain "\n" may lead to http injection.
-Additional info: https://github.com/dvershinin/gixy/blob/master/docs/ru/plugins/httpsplitting.md
+Additional info: https://github.com/dvershinin/gixy/blob/master/docs/zh/checks/http-splitting.md
 Reason: At least variable "$action" can contain "\n"
 Pseudo config:
 include /etc/nginx/sites/default.conf;
@@ -132,8 +132,8 @@ $ docker run --rm -v `pwd`/nginx.conf:/etc/nginx/conf/nginx.conf getpagespeed/gi
 
 如果已有包含 Nginx 配置的镜像，也可将其作为卷挂载至 Gixy 容器：
 ```
-$  docker run --rm --name nginx -d -v /etc/nginx
-nginx:alpinef68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
+$  docker run --rm --name nginx -d -v /etc/nginx nginx:alpine
+f68f2833e986ae69c0a5375f9980dc7a70684a6c233a9535c2a837189f14e905
 
 $  docker run --rm --volumes-from nginx dvershinin/gixy /etc/nginx/nginx.conf
 

gixy/__init__.py

@@ -2,4 +2,4 @@
 
 from gixy.core import severity
 
-version = "0.2.33"
+version = "0.2.34"

gixy/core/variable.py

@@ -54,7 +54,7 @@ def __init__(
         Gixy Nginx variable class - parse and provide helpers to work with it.
 
         :param str|None name: variable name.
-        :param str|Regexp value: variable value..
+        :param str|Regexp value: variable value.
         :param Regexp boundary: variable boundary set.
         :param Directive provider: directive that provide variable (e.g. if, location, rewrite, etc.).
         :param bool have_script: may variable have nginx script or not (mostly used to indicate a string literal).