* Tue May 08 2018 fisiu@opensuse.org
- Update to version 10.8.1.:
* Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS
compliant out of the box.
* Small improvements to Let's Encrypt ACMEv2 script.
* Mon Mar 26 2018 fisiu@opensuse.org
- Ship Let's Encrypt script within subpackage.
* Mon Mar 26 2018 fisiu@opensuse.org
- Add firewalld config files for Leap/SLE >= 15 and TW.
* Mon Mar 26 2018 fisiu@opensuse.org
- Update to version 10.8:
* New Let's Encrypt script that supports ACME v2.
* Added Syslog option.
* Added GZipExtensions option.
* AllowDotFiles now used to show hidden files in directory listings.
* Removed support for static RSA ciphers.
* Hiawatha log format changed.
* Small improvements.
* Bugfix: certain characters in filenames disrupted directory index output.
* Bugfix: requesting non-regular files now results in a 403 instead of
blocking that thread.
* Sat Feb 17 2018 fisiu@opensuse.org
- Fix build with mbedtls 2.7.0.
* Tue Oct 24 2017 fisiu@opensuse.org
- Update to version 10.7:
* Connect to a Unix socket via a reverse proxy.
* Added BlockExtensions setting.
* Small improvements.
* Bugfix: error in handling renewal scripts in Let's Encrypt script.
* Sat Jun 17 2017 fisiu@opensuse.org
- Update to version 10.6:
* Added PublicKeyPins option.
* Added renewal-scripts to Let's Encrypt script.
* Small changes to CMake build system.
* Added CustomHeaderBackend option.
* Renamed CustomHeader option to CustomHeaderClient. Old name still works.
* Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt
authentication requests.
* Small improvements and bugfixes.
* Tue Nov 15 2016 mpluskal@suse.com
- Update to version 10.4:
* SkipCacheCookie option added.
* Added Systemd init script to Debian package.
* Small improvements and bugfixes.
- Small packaging changes and requirements update
* Sun Oct 02 2016 fisiu@opensuse.org
- Build fails with mbedtls < 2.
* Sat Aug 27 2016 mpluskal@suse.com
- Update to version 10.3:
* PreventCSRF, PreventSQLi and PreventXSS improved.
* Prevention of MySQL data mining via SQL injection.
* Added revoke option to Let's Encrypt script.
* Hiawatha ignores RequireTLS for Let's Encrypt authentication
requests.
* Small bugfixes and improvements.
* Bugfix: possible HTTP request pipelining error after CSRF
prevented.
- Changes for version 10.2:
* Added Let's Encrypt script (see extra/letsencrypt).
* Added support for requesting Let's Encrypt certificates (see
AccessList and PasswordFile settings in manual page).
* Small improvements.
* Bugfix: HideProxy not working for Forwarded header.
- Changes for 10.1:
* Added Extensions setting.
* Added support for X-Sendfile header.
* mbed TLS updated to 2.2.1.
* Improved SQL injection detection.
* Small bugfixes and improvements.
- Changes for 10.0:
* Usage of Directory sections changed.
* Added support for RFC 5785.
* Added support for GZip compression. Removed the UseGZfile
option.
* Added ECDSA support for TLS 1.0 and TLS 1.1.
* Replaced UrlToolkit Expire option with ExpirePeriod in
Directory section.
* Replaced IgnoreDotHiawatha option with UseLocalConfig.
* Removed the VolatileObject option.
* Improved SQL injection detection.
* mbed TLS updated to 2.2.0.
* Small improvements.
- Changes for 9.15:
* Support for WebSockets via reverse proxy.
* UNIX socket support for connections to WebSockets.
* Responsive design for directory index and error message.
* mbed TLS updated to 2.1.2.
* Fixed mbed TLS linking in CMake configuration.
* ListenBacklog option added.
* Small bugfixes.
- Changes for 9.14:
* mbed TLS updated to 2.0.0.
* Small bugfixes.
* Bugfix: crash when sending very large request to FastCGI
server.
* Sat Jun 20 2015 mpluskal@suse.com
- Fix rpmlint warnings
* add rcsymlink
* fix log directory permissions
* Mon Jun 15 2015 fisiu@opensuse.org
- Update to 9.13:
* Renamed SSLcertFile to TLScertFile.
* Renamed RequireSSL to RequireTLS.
* Renamed SSL_* CGI environment variables to TLS_*.
* Renamed UrlToolkit option UseSSL to UseTLS.
* Replaced MinSSLversion by MinTLSversion.
* LogTimeouts option added.
* Added 'skip directories' parameter to reverse proxy.
* Failed logins sent to Hiawatha Monitor.
* Small bugfix and improvements.
* Thu Feb 26 2015 fisiu@opensuse.org
- Update to 9.12:
* Bugfix: memory leak in SSL library.
* Small bugfix.
* Tue Feb 03 2015 fisiu@opensuse.org
- Update to 9.11:
* ChallengeClient option added.
* UrlToolkit options TotalConnections and OmitRequestLog added.
* Improvements to UrlToolkit and reverse proxy swap.
* UrlToolkit rules are also applied to PUT and DELETE.
* Small improvements.
* Sun Jan 11 2015 fisiu@opensuse.org
- Update to 9.10:
* Support for banning bad clients who connect via a proxy.
* UrlToolkit option Do added. Changed how Call and Skip should be called.
* General UrlToolkit improvements. See config/toolkit.conf for syntax.
* Hiawatha now prefers reverse proxies with a scheme matching the one of the
client connection. See config/toolkit.conf for syntax.
* Hiawatha will now first process UrlToolkit rules before using ReverseProxy.
* Small bugfixes and improvements.
* Sat Dec 13 2014 fisiu@opensuse.org
- Update to 9.9:
* HTTPAuthToCGI option added.
* BanByCGI option added.
* Improved SSL ciphersuite selections.
* CAcertificates options added.
* Dropped support for SSL3.0.
* Small bugfixes and improvements.
* Sun Nov 02 2014 fisiu@opensuse.org
- Update to 9.8:
* Added support for websockets. WebSocket option added.
* SSL key and certificate checks added to wigwam.
* Small bugfixes and improvements.
* Wed Sep 10 2014 jengelh@inai.de
- Avoid generating libpolarssl.so.7, which led to "have choice
for libpolarssl.so.7: libpolarssl7 hiawatha" and make other
polarssl-using applications not run in practice because the
library is in a non-standard directory, yet discovered by rpm
as a provider.
* Sun Sep 07 2014 fisiu@opensuse.org
- Update to 9.7:
* UseToolkit now possible in .hiawatha file at root of website.
* Method option added to URL Toolkit.
* SetResourceLimit option added.
* ThreadKillRate option added.
* Improved SQL injection detection.
* Default value for DHsize set to 2048.
* PolarSSL updated to version 1.3.8.
* Memory allocation debugger module added.
* Small bugfixes and improvements.
* Bugfix: incorrect file hash printing by wigwam with directory as symlink.
* Sun Jun 08 2014 fisiu@opensuse.org
- Update to 9.6:
* Logfile rotation for access logfiles.
* HTTP Strict Transport Security header made optional for RequireSSL.
* Support for chunked transfer encoded requests (not for PUT).
* Support for improved server statistics in Hiawatha Monitor.
* The Hiawatha Monitor is now supported without the need for XSLT.
* PolarSSL updated to version 1.3.7.
* A few bugfixes as reported by Coverity.
* Bugfix: SQL injection detection was broken since 8.6.
* Bugfix: XSS detection didn't work for reverse proxy.
* Small bugfixes.
Version: 10.11-bp154.1.29
* Wed Aug 19 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Thu Jul 16 2020 Mariusz Fik <fisiu@opensuse.org>
- Update to version 10.11:
* Default value of MinTLSversion set to 1.2.
* Small bugfixes.
- Changes from 10.10:
* Removed several build options. Functionalities are now always enabled.
* Updated Let's Encrypt script due to changes in the API.
* Bugfix: AlterMode not working correctly.
* Wed Jul 24 2019 matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html