Releases: pires/go-proxyproto
v0.8.0
What's Changed
- Add a helper for proxied HTTP/2 by @emersion in #102
- build(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by @dependabot in #103
- build(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in #109
- Add support for validating the downstream ip of the connection by @kmala in #108
- add SetReadHeaderTimeout opt for NewConn by @pieropio in #113
- header.go prevent otherHeader.rawTLVs being nil by @hilbix in #104
- protocol: avoid double buffering by @mmatczuk in #116
- lint: replace math/rand.Read with crypto/rand.Read by @pires in #118
- Protocol: Keep listener listening if we don't trust the upstream address by @peteski22 in #110
New Contributors
- @dependabot made their first contribution in #103
- @kmala made their first contribution in #108
- @pieropio made their first contribution in #113
- @hilbix made their first contribution in #104
- @mmatczuk made their first contribution in #116
- @peteski22 made their first contribution in #110
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's Changed
- Bump DefaultReadHeaderTimeout to 10s by @emersion in #84
- Add method to get SSL cipher from the SSL TLV by @dgl in #91
- add support for parsing IPv4-mapped IPv6 addresses by @drakkan in #97
- Add SKIP policy to not expect a PROXY header by @kayrus in #96
- Revisit CI by @pires in #99
New Contributors
Full Changelog: v0.6.2...v0.7.0
v0.6.2
v0.6.1
Bugfixes
- Critical: Reset read deadline after parsing header (#76) thanks a ton to @antoniomika and a bunch of other folks who contributed to finding the solution
Improvements
- Introduce TLV parsing for Google Cloud extensions (#81) thanks to @igor-kupczynski
v0.6.0
Bugfixes
None
Improvements
- Prevent potentially malicious client(s) from opening connections and never sending the PROXY protocol header, which could lead to DoS: the server would hold those socket descriptors open indefinitely and eventually run out of resources. The solution is to set a read deadline when waiting for the PROXY protocol header (#74). Thanks a lot to @unmarshal
v0.5.0
Bugfixes
The two bugs addressed below are considered serious security issues that can lead to DoS. I cannot express how thankful I am to @isedev for sharing the problem and the solution <3
- v1: enforce header maximum size of 107 bytes to avoid unbounded memory consumption (#71)
- v1: sender must always ensure that the header is sent at once to avoid slow loris attack (#71)
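The 107-byte cap above, combined with the read deadline added in v0.6.0 and its reset from v0.6.1, shown as an added Go example. This is not code from go-proxyproto: readV1Line, the error values and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

const maxV1HeaderLen = 107 // v1 size cap from the v0.5.0 notes

var (
	errHeaderTooLong = errors.New("v1 header longer than 107 bytes")
	errNoCRLF        = errors.New("v1 header line must end with CRLF")
)

// readV1Line (hypothetical helper, not the library API) reads one PROXY v1
// line with a bounded wait and a bounded size, one byte at a time so that no
// payload bytes after the header are consumed.
func readV1Line(conn net.Conn, timeout time.Duration) (string, error) {
	if err := conn.SetReadDeadline(time.Now().Add(timeout)); err != nil {
		return "", err
	}
	// Clear the deadline on every exit path so payload reads are not cut short.
	defer conn.SetReadDeadline(time.Time{})
	buf, one := make([]byte, 0, maxV1HeaderLen), make([]byte, 1)
	for len(buf) < maxV1HeaderLen {
		if _, err := io.ReadFull(conn, one); err != nil {
			return "", err // a silent client ends up here with a timeout error
		}
		buf = append(buf, one[0])
		if one[0] == '\n' {
			if !strings.HasSuffix(string(buf), "\r\n") {
				return "", errNoCRLF
			}
			return string(buf[:len(buf)-2]), nil
		}
	}
	return "", errHeaderTooLong // cap reached without a line terminator
}

func main() {
	server, client := net.Pipe() // constructed in-memory connection pair
	go client.Write([]byte("PROXY TCP4 192.0.2.1 192.0.2.2 40000 443\r\nGET /"))
	line, err := readV1Line(server, time.Second)
	fmt.Printf("%q %v\n", line, err)
}
```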
Improvements
- Add PP2_TYPE_UNIQUE_ID (#67) thanks to @TimWolla
- Add ReadFrom/WriteTo to increase performance when proxying wrapped connections using io.Copy (#68) thanks to @databus23
v0.4.2
v0.4.1
v0.4.0
Announcement
First, the master branch has been renamed to main. Assuming your local copy has this repo as remote origin, execute the following commands:
git branch -m master main
git fetch origin
Optionally, if you're tracking this instead of a fork:
git branch -u origin/main main
Breaking changes
- Replaced v1 throwing ErrCantReadProtocolVersionAndCommand with: ErrLineMustEndWithCrlf when the issue is the line doesn't end with \r\n, which is required as per spec, and ErrCantReadAddressFamilyAndProtocol when inet family and transport protocol are not TCP4, TCP6 or UNKNOWN, as per spec. Also, if not UNKNOWN, addresses information is required.
Improvements
- Support parsing v1 PROXY UNKNOWN (#61)
  This has been quietly introduced in the spec while we were not watching.
- Support v2 inet family and transport protocol UNSPEC but only when command is LOCAL (#61)
For more information, read #60. Thank you to @bohanyang for the detailed description.