v2.14.1

What's Changed

• feat: support JSON structured log formatting by @pehlicd in #179

New Contributors

• @pehlicd made their first contribution in #179

Full Changelog: v2.14.0...v2.14.1

v2.14.0

What's Changed

• chore(ci): tweak codecov configuration by @mccutchen in #168
• add appProcotol to the k8s service for port name 'http' by @bcollard in #169
• fix: mitigate allowed redirect domain bypass by @mccutchen in #174

🔐 Security fix 🔐

This release fixes a bug that allowed clients to bypass the -allowed-redirect-domains/ALLOWED_REDIRECT_DOMAINS configuration used by the /redirect-to endpoint by passing an absolute URL without a scheme (e.g. /redirect-to?url=//evil.com).

See #173 and #174 for details about the issue and the fix, and see the Production Considerations section of the README for more info on why that configuration is important.

New Contributors

• @bcollard made their first contribution in #169

Full Changelog: v2.13.4...v2.14.0

v2.13.4

What's Changed

• feat: support Fastly and Akamai headers for client IP addr by @haccht in #167

New Contributors

• @haccht made their first contribution in #167

Full Changelog: v2.13.3...v2.13.4

v2.13.3

What's Changed

• chore(ci): simplify CI config by @mccutchen in #164
• chore(ci): fix codecov configuration by @mccutchen in #165
• feat: add a kustomize base to the repository by @james-callahan in #144
• feat: allow POST, PUT, DELETE, PATCH methods on /basic-auth endpoint by @mgeuer in #166

New Contributors

• @james-callahan made their first contribution in #144
• @mgeuer made their first contribution in #166

Full Changelog: v2.13.2...v2.13.3

v2.13.2

What's Changed

• feat: /status endpoint supports weighted choice from multiple status codes by @mccutchen in #162

Full Changelog: v2.13.1...v2.13.2

v2.13.1

What's Changed

• fix: websocket conns do not require Connection: upgrade header by @mccutchen in #161

Full Changelog: v2.13.0...v2.13.1

v2.13.0

✨ Highlights ✨

• New /websocket/echo endpoint that implements a basic, conformant WebSocket echo server, useful for testing more advanced HTTP proxy use cases or WebSocket client implementations
• New /sse endpoint that implements a simple Server-Sent Events stream, useful for testing more advanced HTTP proxy use cases
• Support for serving go-httpbin under a path prefix (thanks @waschik!)

What's Changed

• chore: update linting configuration by @mccutchen in #154
• feat: add /websocket/echo endpoint by @mccutchen in #155
• fix: ensure websocket conns respect max duration by @mccutchen in #156
• fix: silence annoying network permission popups on macos by @mccutchen in #157
• chore: minor refactor of base64 handling by @mccutchen in #158
• feat: support serving under a path prefix by @waschik in #120
• docs: update EXCLUDE_HEADERS documentation by @mccutchen in #159
• feat: add /sse endpoint to test Server-Sent Events by @mccutchen in #160

New Contributors

• @waschik made their first contribution in #120

Full Changelog: v2.12.0...v2.13.0

v2.12.0

What's Changed

• fix: /base64 endpoint decodes both URL-safe and standard b64 encodings by @mccutchen in #153

Full Changelog: v2.11.1...v2.12.0

v2.11.1

What's Changed

• chore: upgrade to Go 1.21 by @harryzcy in #143
• feat: special case CloudFlare client IP addrs by @vanodevium in #148

New Contributors

• @harryzcy made their first contribution in #143
• @vanodevium made their first contribution in #148

Full Changelog: v2.11.0...v2.11.1

v2.11.0

What's Changed

• Add tests for correct handling of Expect: 100-continue by @mccutchen in #138
• Allow filtering incoming request headers using -exclude-headers/EXCLUDE_HEADERS by @bytemain in #139

New Contributors

• @bytemain made their first contribution in #139

Full Changelog: v2.10.0...v2.11.0