Releases: bunkerity/bunkerweb
v1.6.9-rc2
Documentation : https://docs.bunkerweb.io/1.6.9~rc2/
Docker tags :
- All-In-One :
bunkerity/bunkerweb-all-in-one:1.6.9-rc2orghcr.io/bunkerity/bunkerweb-all-in-one:1.6.9-rc2 - BunkerWeb :
bunkerity/bunkerweb:1.6.9-rc2orghcr.io/bunkerity/bunkerweb:1.6.9-rc2 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.9-rc2orghcr.io/bunkerity/bunkerweb-scheduler:1.6.9-rc2 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.9-rc2orghcr.io/bunkerity/bunkerweb-autoconf:1.6.9-rc2 - UI :
bunkerity/bunkerweb-ui:1.6.9-rc2orghcr.io/bunkerity/bunkerweb-ui:1.6.9-rc2 - API :
bunkerity/bunkerweb-api:1.6.9-rc2orghcr.io/bunkerity/bunkerweb-api:1.6.9-rc2
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.9~rc2&filter=all&dist=
Changelog :
- [BUGFIX] Update reCAPTCHA handling to use ANTIBOT_RECAPTCHA_CLASSIC variable instead of session data to determine whether to use the classic reCAPTCHA response format or the new one, ensuring consistent behavior regardless of session state.
- [BUGFIX] Rename command argument to plugin_command for clarity and to avoid conflicts with other command arguments with bwcli.
- [FEATURE] Add new
filesetting type to allow users to upload files directly from the web UI and use their content as values for settings. - [FEATURE] Add
Gandias a DNS provider in theletsencryptplugin - [FEATURE] Add
Hetzneras a DNS provider in theletsencryptplugin - [FEATURE] Add certificate authority selection in the
Let's Encryptplugin to allow users to choose betweenLet's EncryptandZeroSSLas the certificate authority for their certificates (Also added ZeroSSL specific settings). - [FEATURE] Add the possibility to whitelist/blacklist group of countries in the
Countryplugin. - [UI] Add override non-global services functionality in global settings
- [UI] Make data columns in the reports page non orderable to avoid issues
- [UI] Add control socket configuration for gunicorn
- [UI] Enhance multiselect dropdown functionality and update the type of multiple settings to use it
- [ALL-IN-ONE] Update CrowdSec version to 1.7.6
- [AUTOCONF] Update gateway and ingress status patching to handle multiple IP addresses and Handle NodePort services if a load balancer IP is not available.
- [API] Add control socket configuration for gunicorn
- [MISC] Change type of
CUSTOM_SSL_CERT_DATAandCUSTOM_SSL_KEY_DATAsettings tofileto allow users to upload their certificate and key files directly from the web UI. - [MISC] Update default value for Permissions-Policy header to include an additional feature (
gamepad). - [DEPS] Update ApexCharts.js version to v5.6.0
- [DEPS] Update i18next version to v25.8.10
- [DEPS] Updated zlib version to v1.3.2
- [DEPS] Updated libmaxminddb version to v1.13.1
- [CONTRIBUTION] Thank you Kn-ut99 for your contribution regarding the fix of a typo in the
Let's Encryptplugin's documentation.
Testing
The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.
Documentation : https://docs.bunkerweb.io/testing/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:testingorghcr.io/bunkerity/bunkerweb:testing - Scheduler :
bunkerity/bunkerweb-scheduler:testingorghcr.io/bunkerity/bunkerweb-scheduler:testing - Autoconf :
bunkerity/bunkerweb-autoconf:testingorghcr.io/bunkerity/bunkerweb-autoconf:testing - UI :
bunkerity/bunkerweb-ui:testingorghcr.io/bunkerity/bunkerweb-ui:testing
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=testing&filter=all&dist=
Please note that when using Linux Debian or Ubuntu integration, you will need to add the force-bad-version directive to your /etc/dpkg/dpkg.cfg file before installing the testing version of BunkerWeb.
v1.6.9-rc1
Documentation : https://docs.bunkerweb.io/1.6.9~rc1/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.9-rc1orghcr.io/bunkerity/bunkerweb:1.6.9-rc1 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.9-rc1orghcr.io/bunkerity/bunkerweb-scheduler:1.6.9-rc1 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.9-rc1orghcr.io/bunkerity/bunkerweb-autoconf:1.6.9-rc1 - UI :
bunkerity/bunkerweb-ui:1.6.9-rc1orghcr.io/bunkerity/bunkerweb-ui:1.6.9-rc1
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.9~rc1&filter=all&dist=
Changelog :
- [BUGFIX] Ensure variables are only added if they are defined in the environment file and are valid key-value pairs to prevent issues with malformed lines in the variables file.
- [BUGFIX] Add API token back for certbot hooks in environment configuration
- [FEATURE] Add ClouDNS DNS provider support to Let's Encrypt plugin
- [FEATURE] Add new
CLIENT_BODY_TIMEOUT,CLIENT_HEADER_TIMEOUT,KEEPALIVE_TIMEOUTandSEND_TIMEOUTsettings to control the corresponding NGINX timeouts, allowing better handling of long-lived connections and preventing unintended timeouts. - [FEATURE] Add a new
gRPCplugin to allow proxying gRPC traffic to upstream gRPC services with support for TLS, SNI, custom headers and retry policies. - [FEATURE] Make it possible to leave HTTP/HTTPS/STREAM/TLS ports empty to not listen on them.
- [AUTOCONF] Add experimental support for GRPCRoute in the Kubernetes integration to allow routing gRPC traffic based on Kubernetes Gateway API resources.
- [LINUX] Updated NGINX version to v1.28.2 for Fedora 42 and 43 integration
- [UI] Fix status for PHP plugin to not always be shown as activated
- [UI] Fix dark theme background for datatables actions
- [UI] Make it possible to edit settings with the
wizardmethod in the web UI - [UI] Enhance reports functionality with improved filter handling and data fetching
- [UI] Enhance home dashboard with new IP blocking metrics and improved tooltips
- [API] Fix redis sentinel issue when a password is set on the master node
- [MISC] Remove warning for uninitialized variables in default server configuration (as we control the configuration and we know that some variables may be uninitialized in some cases, especially for 400 errors)
v1.6.8
Documentation : https://docs.bunkerweb.io/1.6.8/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.8orghcr.io/bunkerity/bunkerweb:1.6.8 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.8orghcr.io/bunkerity/bunkerweb-scheduler:1.6.8 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.8orghcr.io/bunkerity/bunkerweb-autoconf:1.6.8 - UI :
bunkerity/bunkerweb-ui:1.6.8orghcr.io/bunkerity/bunkerweb-ui:1.6.8
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.8&filter=all&dist=
Changelog :
- [FEATURE] Add new
REVERSE_PROXY_REQUEST_BUFFERINGsetting to theReverse Proxyplugin to control request body buffering behavior when proxying requests (default:on) - [FEATURE] Enhance
Let's Encryptplugin to support concurrent certificate generation for multiple services via the newLETS_ENCRYPT_CONCURRENT_REQUESTSsetting (default:no) - [FEATURE] Add
GoDaddyas a DNS provider in theletsencryptplugin - [FEATURE] Add
TransIPas a DNS provider in theletsencryptplugin - [FEATURE] Add
Domeneshopas a DNS provider in theletsencryptplugin - [FEATURE] Add new
KEEP_CONFIG_ON_RESTARTglobal setting to control whether a temporary configuration should be generated on each restart or preserve the existing one (default:no) - [FEATURE] Refactor Templator engine to use Jinja2 for improved templating capabilities and maintainability
- [BUGFIX] Initialize is_whitelisted variable to 'no' in configuration files to avoid spam uninitialized messages in logs
- [BUGFIX] Reorganize insertion logic to prevent foreign key errors and improve order of operations in database when creating/updating plugins
- [BUGFIX] Fix robots.txt and list-based plugins (greylist/whitelist/blacklist/dnsbl) appending duplicate entries on subsequent requests by creating deep copies of internalstore data instead of using shared references
- [BUGFIX] Fix Redis database selection in web UI and bwcli by renaming
REDIS_DBtoREDIS_DATABASEwhen fetching the settings - [BUGFIX] Fix timezone discrepancies when checking for daily PRO plugin updates by normalizing dates to UTC
- [BUGFIX] Fix plugin deletion logic to correctly identify manually installed plugins so they are only removed when explicitly uninstalled
- [BUGFIX] Fix bug where updating a ban to a custom duration accidentally created a permanent ban
- [AUTOCONF] Add experimental Gateway API controller support (Gateway/HTTPRoute) and documentation
- [API] Add HTTP/2 support in Gunicorn configuration for improved performance and compatibility
- [API] Add CIDR annotations support for
FORWARDED_ALLOW_IPSandPROXY_ALLOW_IPSsettings and update the default values to common private network ranges - [UI] Change redirect status code from 302 to 303 in the web UI to follow best practices for redirection after form submissions
- [UI] Fix bug where updating a ban to a custom duration accidentally created a permanent ban
- [UI] Enhance map legend and color ramp for blocked requests visualization
- [UI] Enhance dark mode styles for news card elements
- [UI] Add CIDR annotations support for
FORWARDED_ALLOW_IPSandPROXY_ALLOW_IPSsettings and update the default values to common private network ranges - [UI] Add security mode in services table
- [UI] Implement services import functionality with drag-and-drop support
- [UI] Ensure UI service URL is properly formatted in setup loading route
- [UI] Enhance Redis report querying with filter parsing and chunked retrieval
- [UI] Update ace editor to version 1.43.5
- [UI] Enhance page titles to dynamically reflect current context and navigation state for improved user experience
- [LINUX] Enhance Easy Install script to detect if the epel-release should be installed or not for RHEL-family distros
- [LINUX] Check the installation type in the easy-install script to avoid issues when upgrading from an older version and the installation type is not
all-in-oneormanager - [LINUX] Enhance Easy Install script by adding an option to install a Redis server for data persistence and caching
- [DEPS] Update coreruleset-v4 version to v4.23.0
- [DEPS] Update coreruleset-v4 version to v4.22.0
- [DEPS] Update coreruleset-v3 version to v3.3.8
- [DEPS] Updated NGINX version to v1.28.2 (except for Fedora as it is not yet available)
- [DEPS] Updated lua-cjson version to v2.1.0.16
- [DEPS] Updated luajit2 version to v2.1-20260114
- [DEPS] Update lua-resty-openssl version to v1.7.1
- [DOCS] Add forward proxy configuration for outgoing traffic
- [MISC] Update Laurent Minne's blacklist's label and add the new one from DuggyTuxy Data-Shield IPv4 Blocklist
- [MISC] Add publiccode metadata file for open source compliance
- [CONTRIBUTION] Thank you rayshoo for your contribution regarding the
Koreantranslation of the web UI.
v1.6.8-rc3
Documentation : https://docs.bunkerweb.io/1.6.8~rc3/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.8-rc3orghcr.io/bunkerity/bunkerweb:1.6.8-rc3 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.8-rc3orghcr.io/bunkerity/bunkerweb-scheduler:1.6.8-rc3 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.8-rc3orghcr.io/bunkerity/bunkerweb-autoconf:1.6.8-rc3 - UI :
bunkerity/bunkerweb-ui:1.6.8-rc3orghcr.io/bunkerity/bunkerweb-ui:1.6.8-rc3
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.8~rc3&filter=all&dist=
Changelog :
- [FEATURE] Add new
REVERSE_PROXY_REQUEST_BUFFERINGsetting to theReverse Proxyplugin to control request body buffering behavior when proxying requests (default:on) - [BUGFIX] Initialize is_whitelisted variable to 'no' in configuration files to avoid spam uninitialized messages in logs
- [BUGFIX] Reorganize insertion logic to prevent foreign key errors and improve order of operations in database when creating/updating plugins
- [AUTOCONF] Add experimental Gateway API controller support (Gateway/HTTPRoute) and documentation
- [UI] Change redirect status code from 302 to 303 in the web UI to follow best practices for redirection after form submissions
- [UI] Fix bug where updating a ban to a custom duration accidentally created a permanent ban
- [UI] Enhance map legend and color ramp for blocked requests visualization
- [UI] Enhance dark mode styles for news card elements
- [UI] Add CIDR annotations support for
FORWARDED_ALLOW_IPSandPROXY_ALLOW_IPSsettings and update the default values to common private network ranges - [API] Add HTTP/2 support in Gunicorn configuration for improved performance and compatibility
- [API] Add CIDR annotations support for
FORWARDED_ALLOW_IPSandPROXY_ALLOW_IPSsettings and update the default values to common private network ranges - [MISC] Update Laurent Minne's blacklist's label and add the new one from DuggyTuxy Data-Shield IPv4 Blocklist
- [MISC] Add publiccode metadata file for open source compliance
v1.6.8-rc2
Documentation : https://docs.bunkerweb.io/1.6.8~rc2/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.8-rc2orghcr.io/bunkerity/bunkerweb:1.6.8-rc2 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.8-rc2orghcr.io/bunkerity/bunkerweb-scheduler:1.6.8-rc2 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.8-rc2orghcr.io/bunkerity/bunkerweb-autoconf:1.6.8-rc2 - UI :
bunkerity/bunkerweb-ui:1.6.8-rc2orghcr.io/bunkerity/bunkerweb-ui:1.6.8-rc2
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.8~rc2&filter=all&dist=
Changelog :
- [FEATURE] Enhance
Let's Encryptplugin to support concurrent certificate generation for multiple services via the newLETS_ENCRYPT_CONCURRENT_REQUESTSsetting (default:no), improving efficiency and reducing wait times during bulk operations - [FEATURE] Add
GoDaddyas a DNS provider in theletsencryptplugin - [FEATURE] Add
TransIPas a DNS provider in theletsencryptplugin - [FEATURE] Add
Domeneshopas a DNS provider in theletsencryptplugin - [FEATURE] Add new
KEEP_CONFIG_ON_RESTARTglobal setting to control whether a temporary configuration should be generated on each restart or preserve the existing one (default:no) - [BUGFIX] Fix robots.txt and list-based plugins (greylist/whitelist/blacklist/dnsbl) appending duplicate entries on subsequent requests by creating deep copies of internalstore data instead of using shared references
- [LINUX] Enhance Easy Install script to detect if the epel-release should be installed or not for RHEL-family distros
- [UI] Add security mode in services table
- [UI] Implement services import functionality with drag-and-drop support
- [UI] Ensure UI service URL is properly formatted in setup loading route
- [UI] Enhance Redis report querying with filter parsing and chunked retrieval
- [UI] Update ace editor to version 1.43.5
- [DEPS] Updated lua-cjson version to v2.1.0.16
- [CONTRIBUTION] Thank you rayshoo for your contribution regarding the
Koreantranslation of the web UI.
v1.6.8-rc1
Documentation : https://docs.bunkerweb.io/1.6.8~rc1/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.8-rc1orghcr.io/bunkerity/bunkerweb:1.6.8-rc1 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.8-rc1orghcr.io/bunkerity/bunkerweb-scheduler:1.6.8-rc1 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.8-rc1orghcr.io/bunkerity/bunkerweb-autoconf:1.6.8-rc1 - UI :
bunkerity/bunkerweb-ui:1.6.8-rc1orghcr.io/bunkerity/bunkerweb-ui:1.6.8-rc1
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.8~rc1&filter=all&dist=
Changelog :
- [FEATURE] Refactor Templator engine to use Jinja2 for improved templating capabilities and maintainability
- [BUGFIX] Fix Redis database selection in web UI and bwcli by renaming
REDIS_DBtoREDIS_DATABASEwhen fetching the settings - [BUGFIX] Fix timezone discrepancies when checking for daily PRO plugin updates by normalizing dates to UTC
- [BUGFIX] Fix plugin deletion logic to correctly identify manually installed plugins so they are only removed when explicitly uninstalled
- [LINUX] Check the installation type in the easy-install script to avoid issues when upgrading from an older version and the installation type is not
all-in-oneormanager - [LINUX] Enhance Easy Install script by adding an option to install a Redis server for data persistence and caching
- [UI] Enhance page titles to dynamically reflect current context and navigation state for improved user experience
- [DEPS] Update coreruleset-v3 version to v3.3.8
- [DEPS] Update coreruleset-v4 version to v4.22.0
- [DEPS] Updated luajit2 version to v2.1-20260114
- [DEPS] Update lua-resty-openssl version to v1.7.1
v1.6.7
Documentation : https://docs.bunkerweb.io/1.6.7/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.7orghcr.io/bunkerity/bunkerweb:1.6.7 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.7orghcr.io/bunkerity/bunkerweb-scheduler:1.6.7 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.7orghcr.io/bunkerity/bunkerweb-autoconf:1.6.7 - UI :
bunkerity/bunkerweb-ui:1.6.7orghcr.io/bunkerity/bunkerweb-ui:1.6.7
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.7&filter=all&dist=
Changelog :
- [FEATURE] Enhance SSL/TLS negotiation by implementing dynamic ECDH curve resolution, enabling more flexible and secure key exchange configurations in preparation for post-quantum cryptography (X25519MLKEM768) with OpenSSL 3.5+
- [FEATURE] Implement automatic LRU cache eviction in the metrics module to prevent memory exhaustion by purging least-recently-used elements when capacity is reached
- [FEATURE] Optimize Redis connection handling by reusing pooled connections in Lua timers for improved performance and reduced overhead
- [FEATURE] Refactor logging setup across multiple modules to be able to send logs to a syslog server and have multiple handlers at the same time
- [FEATURE] Allow configuration of whether Base64 decoding should be applied to DNS credentials via the new
LETS_ENCRYPT_DNS_CREDENTIAL_DECODE_BASE64setting in theLet's Encryptplugin (default isyes) - [FEATURE] Add new
ACCESS_LOGandERROR_LOGsettings to configure access and error log destinations for BunkerWeb's instance - [FEATURE] Refactor
Auth Basicplugin so Lua now hashes credentials with salted scrypt (CSPRNG-only) and verifies them in constant time. - [FEATURE] Updated
Bad Behaviorplugin to automatically apply bans made by the default server globally across all services, enhancing security by ensuring that IPs exhibiting bad behavior are consistently blocked. - [FEATURE] Add the possibility to have draft custom configurations that are not applied to the service until they are explicitly published. Draft custom configurations are indicated in the web UI and can be toggled between draft and online status.
- [FEATURE] Add new
SSL_SESSION_CACHE_SIZEsetting to the SSL plugin to allow configuration of the size of the SSL session cache (e.g.,10m,512k). Setting it tooffornonedisables session caching (default is10m). - [FEATURE] Enhance the Antibot plugin to better handle redirection back to the original request path after a successful challenge by checking the
Refererheader, ensuring users are redirected to meaningful content rather than static files or other unintended destinations - [FEATURE] Add the possibility to tweak custom configurations created from the web UI or API manually
- [FEATURE] Allow customizing plugin execution order via new
PLUGINS_ORDER_*settings (space-separated plugin IDs; multisite-aware per phase) - [BUGFIX] Fix wrong modsecurity reason data under heavy load
- [BUGFIX] Fix wrong certificate name checks in Let's Encrypt
- [BUGFIX] Fix issues with Let's Encrypt's HTTP challenge on Linux HA integrations
- [BUGFIX] Fix issues with the Ingress controller regarding reverse proxy settings when using multiple paths per rule and a template by adjusting the indexing logic to be configurable via the new
KUBERNETES_REVERSE_PROXY_SUFFIX_STARTsetting (default is1to keep backward compatibility) - [BUGFIX] Escape percentage signs in
DATABASE_URIfor Alembic when using the SQLAlchemy URL configuration to prevent formatting errors during migrations - [BUGFIX] Fix issues with
Autoconfcontrollers persisting old instances after they have been deleted from the orchestrator. - [UI] Restrict flash messages containing sensitive information to authenticated users only
- [UI] Enhance breadcrumb navigation and filtering on custom configuration pages for improved user experience
- [UI] Enhance service configuration handling during edits and renames to ensure consistency and prevent data loss
- [UI] Enhance session management with Redis support and configurable session lifetime
- [UI] Renamed "Global Configuration" to "Global Settings" in the web UI for clarity
- [UI] Address CSRF token issues in the web UI when not connecting through BunkerWeb
- [UI] Add the possibility to provide a certificate and a key so that the web UI can be served over HTTPS (without requiring a reverse proxy)
- [UI] Fix occasional flash of the light mode on the loading page when using dark mode
- [API] Refactor rate limiting to be more user-friendly and configurable via settings
- [ALL-IN-ONE] Update CrowdSec version to 1.7.4
- [LINUX] Support Fedora 43
- [LINUX] Updated NGINX version to v1.28.1 for Fedora 42 and 43 integration
- [LINUX] Update version retrieval for RPM packaging to ensure correct sorting for release candidates
- [LINUX] Drop support of Fedora 41
- [DEPS] Updated NGINX version to v1.28.1 for all integrations
- [DEPS] Updated Modsecurity nginx connector version to 1.0.4
- [DEPS] Updated luajit2 version to v2.1-20251229
- [DEPS] Update lua-resty-session version to v4.1.5
- [DEPS] Update coreruleset-v4 version to v4.21.0
- [DEPS] Updated zlib version to v1.3.1.2
- [DOCS] Add Easy Resolve PRO plugin video tutorial link to the documentation
- [DOCS] Add documentation about the new logging settings and how to configure them
- [DOCS] Update database compatibility matrix
- [DOCS] Refactor API documentation to include new API features and improve clarity
- [DOCS] Add documentation about the new "Custom Pages" PRO plugin
- [DOCS] Refactor web UI documentation to improve clarity
v1.6.7-rc2
Documentation : https://docs.bunkerweb.io/1.6.7~rc2/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.7-rc2orghcr.io/bunkerity/bunkerweb:1.6.7-rc2 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.7-rc2orghcr.io/bunkerity/bunkerweb-scheduler:1.6.7-rc2 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.7-rc2orghcr.io/bunkerity/bunkerweb-autoconf:1.6.7-rc2 - UI :
bunkerity/bunkerweb-ui:1.6.7-rc2orghcr.io/bunkerity/bunkerweb-ui:1.6.7-rc2
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.7~rc2&filter=all&dist=
Changelog :
- [BUGFIX] Fix wrong certificate name checks in Let's Encrypt
- [BUGFIX] Fix issues with Let's Encrypt's HTTP challenge on Linux HA integrations
- [FEATURE] Implement automatic LRU cache eviction in the metrics module to prevent memory exhaustion by purging least-recently-used elements when capacity is reached
- [FEATURE] Optimize Redis connection handling by reusing pooled connections in Lua timers for improved performance and reduced overhead
- [LINUX] Updated NGINX version to v1.28.1 for Fedora 42 and 43 integration
- [ALL-IN-ONE] Update CrowdSec version to 1.7.4
- [DEPS] Updated luajit2 version to v2.1-20251229
v1.6.7-rc1
Documentation : https://docs.bunkerweb.io/1.6.7~rc1/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.7~rc1orghcr.io/bunkerity/bunkerweb:1.6.7~rc1 - Scheduler :
bunkerity/bunkerweb-scheduler:1.6.7~rc1orghcr.io/bunkerity/bunkerweb-scheduler:1.6.7~rc1 - Autoconf :
bunkerity/bunkerweb-autoconf:1.6.7~rc1orghcr.io/bunkerity/bunkerweb-autoconf:1.6.7~rc1 - UI :
bunkerity/bunkerweb-ui:1.6.7~rc1orghcr.io/bunkerity/bunkerweb-ui:1.6.7~rc1
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.7~rc1&filter=all&dist=
Changelog :
- [FEATURE] Refactor logging setup across multiple modules to be able to send logs to a syslog server and have multiple handlers at the same time
- [FEATURE] Allow configuration of whether Base64 decoding should be applied to DNS credentials via the new
LETS_ENCRYPT_DNS_CREDENTIAL_DECODE_BASE64setting in theLet's Encryptplugin (default isyes) - [FEATURE] Add new
ACCESS_LOGandERROR_LOGsettings to configure access and error log destinations for BunkerWeb's instance - [FEATURE] Refactor
Auth Basicplugin so Lua now hashes credentials with salted scrypt (CSPRNG-only) and verifies them in constant time. - [FEATURE] Updated
Bad Behaviorplugin to automatically apply bans made by the default server globally across all services, enhancing security by ensuring that IPs exhibiting bad behavior are consistently blocked. - [FEATURE] Add the possibility to have draft custom configurations that are not applied to the service until they are explicitly published. Draft custom configurations are indicated in the web UI and can be toggled between draft and online status.
- [FEATURE] Add new
SSL_SESSION_CACHE_SIZEsetting to the SSL plugin to allow configuration of the size of the SSL session cache (e.g.,10m,512k). Setting it tooffornonedisables session caching (default is10m). - [FEATURE] Enhance the Antibot plugin to better handle redirection back to the original request path after a successful challenge by checking the
Refererheader, ensuring users are redirected to meaningful content rather than static files or other unintended destinations - [FEATURE] Add the possibility to tweak custom configurations created from the web UI or API manually
- [FEATURE] Allow customizing plugin execution order via new
PLUGINS_ORDER_*settings (space-separated plugin IDs; multisite-aware per phase) - [BUGFIX] Fix issues with the Ingress controller regarding reverse proxy settings when using multiple paths per rule and a template by adjusting the indexing logic to be configurable via the new
KUBERNETES_REVERSE_PROXY_SUFFIX_STARTsetting (default is1to keep backward compatibility) - [BUGFIX] Escape percentage signs in
DATABASE_URIfor Alembic when using the SQLAlchemy URL configuration to prevent formatting errors during migrations - [BUGFIX] Fix issues with
Autoconfcontrollers persisting old instances after they have been deleted from the orchestrator. - [UI] Enhance service configuration handling during edits and renames to ensure consistency and prevent data loss
- [UI] Enhance session management with Redis support and configurable session lifetime
- [UI] Renamed "Global Configuration" to "Global Settings" in the web UI for clarity
- [UI] Address CSRF token issues in the web UI when not connecting through BunkerWeb
- [UI] Add the possibility to provide a certificate and a key so that the web UI can be served over HTTPS (without requiring a reverse proxy)
- [UI] Fix occasional flash of the light mode on the loading page when using dark mode
- [API] Refactor rate limiting to be more user-friendly and configurable via settings
- [LINUX] Support Fedora 43
- [LINUX] Update version retrieval for RPM packaging to ensure correct sorting for release candidates
- [DOCS] Add documentation about the new logging settings and how to configure them
- [DOCS] Update database compatibility matrix
- [DOCS] Refactor API documentation to include new API features and improve clarity
- [DOCS] Add documentation about the new "Custom Pages" PRO plugin
- [DOCS] Refactor web UI documentation to improve clarity
- [DEPS] Update lua-resty-session version to v4.1.5
- [DEPS] Update coreruleset-v4 version to v4.21.0
- [DEPS] Updated zlib version to v1.3.1.2