Changelog for
hiawatha-11.4-lp155.70.1.x86_64.rpm :
* Fri Jun 02 2023 Arjen de Korte
- Use system Mbed-TLS only on Tumbleweed as version 3.0+ is needed- Deleted patch to file that isn\'t packaged - harden_hiawatha.service.patch
* Mon May 29 2023 Arjen de Korte - Update to version 11.4:
* mbed TLS updated to 3.4.0.
* Bugfix: TunnelSSH issue with latest PuTTY versions.- Update to version 11.3:
* PHP 8 compatibility for Let\'s Encrypt script.
* Applied some patches from the FreeBSD community.
* mbed TLS updated to 3.3.0.- Update to version 11.2:
* mbed TLS updated to 3.2.1.
* Small improvements.- Update to version 11.1:
* mbed TLS updated to 3.1.0.
* Small bugfixes.- Update to version 11.0:
* mbed TLS updated to 3.0.0.
* Dropped support for TLSv1.0 and TLSv1.1. Configuration option MinTLSversion removed.
* Dropped support for HTTP Public Key Pinning (HPKP). Configuration option PublicKeyPins removed.- Update to version 10.12:
* mbed TLS updated to 2.26.0.
* New LE_ISSUERS setting for Let\'s Encrypt script.
* Bugfix: vfprintf issue for syslog in log.c.
* Fri Feb 11 2022 Johannes Segitz - Allow read only access with ProtectHome=read-only to enable UserWebsites=yes Modified harden_hiawatha.service.patch and hiawatha.service
* Wed Sep 22 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_hiawatha.service.patch Modified:
* hiawatha.service
* Wed Aug 19 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Thu Jul 16 2020 Mariusz Fik - Update to version 10.11:
* Default value of MinTLSversion set to 1.2.
* Small bugfixes.- Changes from 10.10:
* Removed several build options. Functionalities are now always enabled.
* Updated Let\'s Encrypt script due to changes in the API.
* Bugfix: AlterMode not working correctly.
* Wed Jul 24 2019 matthias.gerstnerAATTsuse.com- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Mon Mar 04 2019 Mariusz Fik - Update to version 10.9:
* Let\'s Encrypt script installed via CMake.
* Bugfix: Directory traversal when AllowDotFiles is enabled.
* Small improvements.
* Wed Sep 26 2018 fisiuAATTopensuse.org- Update to version 10.8.3:
* Several fixes in build system
* Added build system for nghttp2
* New style for directory index
* uri_depth added to XML for directory index
* Tue May 08 2018 fisiuAATTopensuse.org- Update to version 10.8.1.:
* Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS compliant out of the box.
* Small improvements to Let\'s Encrypt ACMEv2 script.
* Mon Mar 26 2018 fisiuAATTopensuse.org- Ship Let\'s Encrypt script within subpackage.
* Mon Mar 26 2018 fisiuAATTopensuse.org- Add firewalld config files for Leap/SLE >= 15 and TW.
* Mon Mar 26 2018 fisiuAATTopensuse.org- Update to version 10.8:
* New Let\'s Encrypt script that supports ACME v2.
* Added Syslog option.
* Added GZipExtensions option.
* AllowDotFiles now used to show hidden files in directory listings.
* Removed support for static RSA ciphers.
* Hiawatha log format changed.
* Small improvements.
* Bugfix: certain characters in filenames disrupted directory index output.
* Bugfix: requesting non-regular files now results in a 403 instead of blocking that thread.
* Sat Feb 17 2018 fisiuAATTopensuse.org- Fix build with mbedtls 2.7.0.
* Tue Oct 24 2017 fisiuAATTopensuse.org- Update to version 10.7:
* Connect to a Unix socket via a reverse proxy.
* Added BlockExtensions setting.
* Small improvements.
* Bugfix: error in handling renewal scripts in Let\'s Encrypt script.
* Sat Jun 17 2017 fisiuAATTopensuse.org- Update to version 10.6:
* Added PublicKeyPins option.
* Added renewal-scripts to Let\'s Encrypt script.
* Small changes to CMake build system.
* Added CustomHeaderBackend option.
* Renamed CustomHeader option to CustomHeaderClient. Old name still works.
* Hiawatha ignores FileHashes and ReverseProxy for Let\'s Encrypt authentication requests.
* Small improvements and bugfixes.
* Tue Nov 15 2016 mpluskalAATTsuse.com- Update to version 10.4:
* SkipCacheCookie option added.
* Added Systemd init script to Debian package.
* Small improvements and bugfixes.- Small packaging changes and requirements update
* Sun Oct 02 2016 fisiuAATTopensuse.org- Build fails with mbedtls < 2.
* Sat Aug 27 2016 mpluskalAATTsuse.com- Update to version 10.3:
* PreventCSRF, PreventSQLi and PreventXSS improved.
* Prevention of MySQL data mining via SQL injection.
* Added revoke option to Let\'s Encrypt script.
* Hiawatha ignores RequireTLS for Let\'s Encrypt authentication requests.
* Small bugfixes and improvements.
* Bugfix: possible HTTP request pipelining error after CSRF prevented.- Changes for version 10.2:
* Added Let\'s Encrypt script (see extra/letsencrypt).
* Added support for requesting Let\'s Encrypt certificates (see AccessList and PasswordFile settings in manual page).
* Small improvements.
* Bugfix: HideProxy not working for Forwarded header.- Changes for 10.1:
* Added Extensions setting.
* Added support for X-Sendfile header.
* mbed TLS updated to 2.2.1.
* Improved SQL injection detection.
* Small bugfixes and improvements.- Changes for 10.0:
* Usage of Directory sections changed.
* Added support for RFC 5785.
* Added support for GZip compression. Removed the UseGZfile option.
* Added ECDSA support for TLS 1.0 and TLS 1.1.
* Replaced UrlToolkit Expire option with ExpirePeriod in Directory section.
* Replaced IgnoreDotHiawatha option with UseLocalConfig.
* Removed the VolatileObject option.
* Improved SQL injection detection.
* mbed TLS updated to 2.2.0.
* Small improvements.- Changes for 9.15:
* Support for WebSockets via reverse proxy.
* UNIX socket support for connections to WebSockets.
* Responsive design for directory index and error message.
* mbed TLS updated to 2.1.2.
* Fixed mbed TLS linking in CMake configuration.
* ListenBacklog option added.
* Small bugfixes.- Changes for 9.14:
* mbed TLS updated to 2.0.0.
* Small bugfixes.
* Bugfix: crash when sending very large request to FastCGI server.
* Sat Jun 20 2015 mpluskalAATTsuse.com- Fix rpmlint warnings
* add rcsymlink
* fix log directory permissions
* Mon Jun 15 2015 fisiuAATTopensuse.org- Update to 9.13:
* Renamed SSLcertFile to TLScertFile.
* Renamed RequireSSL to RequireTLS.
* Renamed SSL_
* CGI environment variables to TLS_
*.
* Renamed UrlToolkit option UseSSL to UseTLS.
* Replaced MinSSLversion by MinTLSversion.
* LogTimeouts option added.
* Added \'skip directories\' parameter to reverse proxy.
* Failed logins sent to Hiawatha Monitor.
* Small bugfix and improvements.
* Thu Feb 26 2015 fisiuAATTopensuse.org- Update to 9.12:
* Bugfix: memory leak in SSL library.
* Small bugfix.
* Tue Feb 03 2015 fisiuAATTopensuse.org- Update to 9.11:
* ChallengeClient option added.
* UrlToolkit options TotalConnections and OmitRequestLog added.
* Improvements to UrlToolkit and reverse proxy swap.
* UrlToolkit rules are also applied to PUT and DELETE.
* Small improvements.
* Sun Jan 11 2015 fisiuAATTopensuse.org- Update to 9.10:
* Support for banning bad clients who connect via a proxy.
* UrlToolkit option Do added. Changed how Call and Skip should be called.
* General UrlToolkit improvements. See config/toolkit.conf for syntax.
* Hiawatha now prefers reverse proxies with a scheme matching the one of the client connection. See config/toolkit.conf for syntax.
* Hiawatha will now first process UrlToolkit rules before using ReverseProxy.
* Small bugfixes and improvements.
* Sat Dec 13 2014 fisiuAATTopensuse.org- Update to 9.9:
* HTTPAuthToCGI option added.
* BanByCGI option added.
* Improved SSL ciphersuite selections.
* CAcertificates options added.
* Dropped support for SSL3.0.
* Small bugfixes and improvements.
* Sun Nov 02 2014 fisiuAATTopensuse.org- Update to 9.8:
* Added support for websockets. WebSocket option added.
* SSL key and certificate checks added to wigwam.
* Small bugfixes and improvements.