All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
1.0.1 - 2026-01-02
- Fix shell injection vulnerabilities in scripts (quote variables)
- Add
apk upgradeto Dockerfile for security patches (libpng, libpq, libsodium, c-ares, busybox CVEs) - Pin fail2ban image to 1.1.0 instead of
:latest - Increase DH params from 1024 to 2048 bits in test script
- Update LICENSE copyright holder to hvaclab
- Update Dockerfile maintainer label
1.0.0 - 2025-12-07
- Angie 1.10.3 web server (nginx fork) with ModSecurity WAF
- OWASP Core Rule Set 4.18.0 (825+ security rules)
- Multi-layered security: ModSecurity → Fail2Ban → Rate Limiting
- GeoIP enrichment with auto-download on first start
- Auto-generated SSL certificates and DH parameters (2048-bit)
- HTTP/2 and HTTP/3 (QUIC) support
- Comprehensive JSON logging with 70+ fields
- Security scoring system (0-15 threat levels)
- GitHub Actions CI/CD pipeline
- Bilingual documentation (EN/RU)
- Docker Compose configuration for dev and prod modes
- Makefile with helper commands
- TLS 1.2/1.3 only (TLS 1.0/1.1 disabled)
- Modern cipher suites (ECDHE, AES-GCM, ChaCha20)
- Security headers (HSTS, CSP, X-Frame-Options, etc.)
- Fail2Ban jails for bad requests, scans, DDoS, ModSecurity alerts