v0.8.3

v0.8.3

🔧 Misc

• Update go: 1.22.4
• Update go dependencies:
  • upgraded github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 => v0.0.0-20240528025155-186aa0362fba
  • upgraded github.com/onsi/ginkgo/v2 v2.17.3 => v2.19.0
  • upgraded golang.org/x/crypto v0.23.0 => v0.24.0
  • upgraded golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 => v0.0.0-20240604190554-fc45aab8b7f8
  • upgraded golang.org/x/mod v0.17.0 => v0.18.0
  • upgraded golang.org/x/net v0.25.0 => v0.26.0
  • upgraded golang.org/x/sys v0.20.0 => v0.21.0
  • upgraded golang.org/x/text v0.15.0 => v0.16.0
  • upgraded golang.org/x/tools v0.21.0 => v0.22.0

Compare with v0.8.2

v0.8.2

v0.8.2

🔧 Bug fix

• Sign OCSP responses with RSA or ECDSA keys.

🔧 Misc

• Update go dependencies:
  • upgraded github.com/beevik/etree v1.3.0 => v1.4.0
  • upgraded github.com/google/pprof v0.0.0-20240507183855-6f11f98ebb1c => v0.0.0-20240509144519-723abb6459b7
  • upgraded github.com/quic-go/quic-go v0.43.1 => v0.44.0

Compare with v0.8.1

v0.8.1

v0.8.1

⭐ Feature improvements

• Only allow GET and HEAD methods for static files.
• Sanitize the request path before comparing to local endpoints, e.g. //.sso redirects to /.sso
• Add a sanitizePath option to backends. When true (default), request paths are sanitized before they are sent to the backends.

🔧 Misc

• Update go: 1.22.3
• Update go dependencies:
  • upgraded github.com/google/pprof v0.0.0-20240422182052-72c8669ad3e7 => v0.0.0-20240507183855-6f11f98ebb1c
  • upgraded github.com/onsi/ginkgo/v2 v2.17.1 => v2.17.3
  • upgraded golang.org/x/crypto v0.22.0 => v0.23.0
  • upgraded golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f => v0.0.0-20240506185415-9bf2ced13842
  • upgraded golang.org/x/net v0.24.0 => v0.25.0
  • upgraded golang.org/x/sys v0.19.0 => v0.20.0
  • upgraded golang.org/x/text v0.14.0 => v0.15.0
  • upgraded golang.org/x/tools v0.20.0 => v0.21.0

Compare with v0.8.0

v0.8.0

v0.8.0

🌟 New features

• Serve static files from a local filesystem when documentRoot: is set.

🔧 Misc

• Upgrade github.com/quic-go/quic-go v0.42.0 => v0.43.1

Compare with v0.7.2

v0.7.2

v0.7.2

🔧 Misc

• Update the tpm library to pick up a bug fix. The saved TPM keys would become invalid after a reboot. This only affected configurations with hwBacked: true.

Compare with v0.7.1

v0.7.1

v0.7.1

🔧 Misc

• Update go dependencies:
  • upgraded github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f => v0.0.0-20240422182052-72c8669ad3e7
  • upgraded golang.org/x/crypto v0.21.0 => v0.22.0
  • upgraded golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 => v0.0.0-20240416160154-fe59bbe5cc7f
  • upgraded golang.org/x/mod v0.16.0 => v0.17.0
  • upgraded golang.org/x/net v0.23.0 => v0.24.0
  • upgraded golang.org/x/sys v0.18.0 => v0.19.0
  • upgraded golang.org/x/tools v0.19.0 => v0.20.0

Compare with v0.7.0

v0.7.0

v0.7.0

🌟 New features

• Add hwBacked option. When enabled, hardware-backed cryptographic keys are used to:
  • encrypt local data (the data cannot be used or recovered on a different device),
  • sign authentication tokens,
  • sign the PKI certificates, OCSP responses, and CRLs.
• Add --quiet flag. When set (or the TLSPROXY_QUIET env variable is true), logging is turned off after tlsproxy starts.

🔧 Misc

• Release binaries and container images are now signed.
• Update go: 1.22.2
• Update go dependencies:
  • upgraded github.com/quic-go/quic-go v0.41.0 => v0.42.0

Compare with v0.6.4

v0.7.0-beta4

v0.7.0-beta4

🌟 New features

• Add hwBacked option. When enabled, hardware-backed cryptographic keys are used to:
  • encrypt local data (the data cannot be used or recovered on a different device),
  • sign authentication tokens,
  • sign the PKI certificates, OCSP responses, and CRLs.
• Add --quiet flag. When set (or the TLSPROXY_QUIET env variable is true), logging is turned off after tlsproxy starts.

🔧 Misc

• Release binaries and container images are now signed.
• Update go: 1.22.2
• Update go dependencies:
  • upgraded github.com/quic-go/quic-go v0.41.0 => v0.42.0

Compare with v0.6.4

v0.7.0-beta3

v0.7.0-beta3

• Add hwBacked option. When enabled, hardware-backed cryptographic keys are used to:
  • encrypt local data (the data cannot be used or recovered on a different device),
  • sign authentication tokens,
  • sign the PKI certificates, OCSP responses, and CRLs.
• Add --quiet flag. When set (or the TLSPROXY_QUIET env variable is true), logging is turned off after tlsproxy starts.
• Update go dependencies:
  • upgraded github.com/quic-go/quic-go v0.41.0 => v0.42.0

Compare with v0.6.4

v0.7.0-beta2

v0.7.0-beta2

• Add hwBacked option. When enabled, hardware-backed cryptographic keys are used to:
  • encrypt local data (the data cannot be used or recovered on a different device),
  • sign authentication tokens,
  • sign the PKI certificates, OCSP responses, and CRLs.
• Add --quiet flag. When set (or the TLSPROXY_QUIET env variable is true), logging is turned off after tlsproxy starts.
• Update go dependencies:
  • upgraded github.com/quic-go/quic-go v0.41.0 => v0.42.0

Compare with v0.6.4