v2.17.1

What's Changed

• ci: push to ghcr.io (again) by @mccutchen in #201

Full Changelog: v2.17.0...v2.17.1

v2.17.0

What's Changed

• feat: allow configuration of underlying http.Server by @mccutchen in #199
• ci: push to ghcr.io in addition to docker hub by @mccutchen in #200

Full Changelog: v2.16.1...v2.17.0

v2.16.1

What's Changed

• feat: allow specifying content-type for /base64 responses by @mccutchen in #198

Full Changelog: v2.16.0...v2.16.1

v2.16.0

What's Changed

• feat: add /env endpoint to allow exposing operator-controlled info from the server by @mloskot in #189

New Contributors

• @mloskot made their first contribution in #189

Full Changelog: v2.15.0...v2.16.0

v2.15.0

Summary

• ⚠️ Minimum Go version is now 1.22 ⚠️ due to use of new stdlib router enhancements
• New /trailers endpoint added
• Server-Timings headers/trailers added to endpoints with client-controlled response times

What's Changed

• chore(build): bump docker image to 1.23 by @mccutchen in #180
• feat: use enhanced stdlib HTTP router by @mccutchen in #181
• chore(ci): fix code coverage uploads by @mccutchen in #183
• refactor: small tweak to template rendering helpers by @mccutchen in #182
• feat: add /trailers endpoint by @mccutchen in #184
• refactor: minor tweaks to /drip implementation by @mccutchen in #185
• feat: add Server-Timing headers/trailers where relevant by @mccutchen in #186

Full Changelog: v2.14.1...v2.15.0

v2.14.1

What's Changed

• feat: support JSON structured log formatting by @pehlicd in #179

New Contributors

• @pehlicd made their first contribution in #179

Full Changelog: v2.14.0...v2.14.1

v2.14.0

What's Changed

• chore(ci): tweak codecov configuration by @mccutchen in #168
• add appProcotol to the k8s service for port name 'http' by @bcollard in #169
• fix: mitigate allowed redirect domain bypass by @mccutchen in #174

🔐 Security fix 🔐

This release fixes a bug that allowed clients to bypass the -allowed-redirect-domains/ALLOWED_REDIRECT_DOMAINS configuration used by the /redirect-to endpoint by passing an absolute URL without a scheme (e.g. /redirect-to?url=//evil.com).

See #173 and #174 for details about the issue and the fix, and see the Production Considerations section of the README for more info on why that configuration is important.

New Contributors

• @bcollard made their first contribution in #169

Full Changelog: v2.13.4...v2.14.0

v2.13.4

What's Changed

• feat: support Fastly and Akamai headers for client IP addr by @haccht in #167

New Contributors

• @haccht made their first contribution in #167

Full Changelog: v2.13.3...v2.13.4

v2.13.3

What's Changed

• chore(ci): simplify CI config by @mccutchen in #164
• chore(ci): fix codecov configuration by @mccutchen in #165
• feat: add a kustomize base to the repository by @james-callahan in #144
• feat: allow POST, PUT, DELETE, PATCH methods on /basic-auth endpoint by @mgeuer in #166

New Contributors

• @james-callahan made their first contribution in #144
• @mgeuer made their first contribution in #166

Full Changelog: v2.13.2...v2.13.3

v2.13.2

What's Changed

• feat: /status endpoint supports weighted choice from multiple status codes by @mccutchen in #162

Full Changelog: v2.13.1...v2.13.2