2.0 -- "Lady Stardust"
signify(1) pubkeys for this release: RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
New Features
- added
listen on
to specify per-server the list of addresses from where connections are to be accepted. - added titan(1), a simple titan client.
- splitted the "configless" version of gmid as a standalone executable gemexp(1)
- added ability to log to files with
log access <path>
- added ability to change the syslog(3) facility with
log syslog facility <facility>
- added ability to change the logging style with
log style <style>
- added `fastcgi strip'
- reworked the privsep implementation and added a privsep crypto engine
- implemented
SCRIPT_NAME' and
PATH_INFO' splitting for fastcgi
Bug fixes
- fixed handling of TLS handshake failures
Improvements
- contrib/gencert: added -e to generate EC keys
- use default prefork (3) in regress
- removed the sha256 dependency of the regress suite
- parse and log the fastcgi reply
- revamped the fastcgi configuration, now it's per-location
- attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
- synced the parameters with RFC3875 (CGI)
- gg: exit with the gemini response code unless it's 2X
- gemexp: generate EC certificates too (it's also the new default)
- (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
Breaking Changes
- removed CGI support
- gg now warns when the server doesn't use TLS' close_notify
- deprecated the global
ipv6
andport
settings in favour of the per-serverlisten on
directive - removed the already deprecated config options
mime' and
map' - droped seccomp and capsicum support
- FastCGI: set REQUEST_METHOD to "GET" instead of the empty string