CHANGELOG.md

Changelog

v1.5.11 - ????/??/??

• [BUGFIX] Fix INTERCEPTED_ERROR_CODES to allow empty value
• [UI] Fix missing settings when a service is published online
• [UI] Fix instances always down in instances page
• [AUTOCONF] Fix BW env vars not retrieved
• [AUTOCONF] Fix deadlock on k8s events when there is no ingress
• [LINUX] Increase default worker dict size to avoid crash on RPI
• [MISC] Add WORKERLOCK_MEMORY_SIZE setting for worker dict size
• [MISC] Add API_TIMEOUT and API_READ_TIMEOUT settings to control API timeouts
• [DEPS] Updated coreruleset-v4 version to v4.8.0
• [DEPS] Updated coreruleset-v3 version to v3.3.7

v1.5.10 - 2024/09/17

• [UI] Fix setup wizard bug related to certificate
• [UI] Fix bug when adding more than 3 reverse proxies URLs
• [UI] Fix wrong type for REVERSE_PROXY_SSL_SNI_NAME setting
• [BUGFIX] Add HTTP3 specific modsec rule in web UI to avoid false positives
• [BUGFIX] Fix missing scheduler logs in Linux integration
• [BUGFIX] Add missing REPORT HTTP method to ALLOWED_METHODS setting
• [DEPS] Updated NGINX version to v1.26.2
• [DEPS] Updated LuaJIT version to v2.1-20240815
• [DEPS] Updated libmaxminddb version to v1.11.0
• [DEPS] Updated lua-cjson to latest commit for the version v2.1.0.14
• [DEPS] Updated lua-nginx-module version to v0.10.27
• [DEPS] Updated lua-resty-core version to v0.1.29
• [DEPS] Updated lua-resty-lrucache version to v0.14
• [DEPS] Updated lua-resty-openssl version to v1.5.1
• [DEPS] Updated lua-resty-signal version to v0.04
• [DEPS] Updated lua-resty-string version to v0.16
• [DEPS] Updated stream-lua-nginx-module version to v0.0.15
• [DEPS] Updated coreruleset-v4 version to v4.6.0
• [DEPS] Updated coreruleset-v3 version to v3.3.6
• [DEPS] Updated ModSecurity version to v3.0.13
• [DEPS] Start managing Mbed TLS as a dependency for ModSecurity (v3.6.1)

v1.5.9 - 2024/07/22

• [BUGFIX] Fix compatibility issues with mysql 8.4+ version and the backup plugin by adding the mariadb-connector-c dependency to the scheduler Dockerfile (on alpine)
• [BUGFIX] Fix potential issues with multiple settings in helpers.load_variables when multiple settings have the same suffix (the issue is only present in future external plugins)
• [BUGFIX] Fix issues with kubernetes integration when were setting a global multisite setting it was not applied to the services
• [FEATURE] Add REVERSE_PROXY_SSL_SNI and REVERSE_PROXY_SSL_SNI_NAME to support SNI-based upstreams
• [UI] Update web UI setup wizard to handle when a reverse proxy already exists but no admin user is configured
• [UI] Fix issues with multiple settings on the global_config not being able to be deleted in specific cases
• [AUTOCONF] Fix issues with globally set settings overridden by default values not being saved correctly in database
• [LINUX] Update Linux repository to repo.bunkerweb.io
• [SECURITY] Update security headers in default pages and error pages for improved security
• [DEPS] Updated LuaJIT version to v2.1-20240626
• [DEPS] Updated coreruleset-v4 version to v4.5.0

v1.5.8 - 2024/06/19

• [LINUX] Support Fedora 40 and drop support of Fedora 39
• [BUGFIX] Fix potential errors when upgrading from a previous version
• [BUGFIX] Fix rare bug on the web UI when editing the SERVER_NAME setting of a service
• [BUGFIX] Fix potential race conditions between the autoconf and the scheduler waiting for each other indefinitely
• [BUGFIX] Fix Let's Encrypt certificate renewal when a certificate date changes by forcing the renewal
• [BUGFIX] Fix issues with k8s integration and the save_config.py script
• [FEATURE] Add nightly build of the OWASP coreruleset that are automatically downloaded and updated
• [FEATURE] Enhance security on error pages, default server page and loading page by adding a custom Content-Security-Policy header with nonces and removing the Server header
• [FEATURE] Add new DATABASE_URI_READONLY setting to allow setting up a fallback read-only database URI in case the main database URI is not available
• [FEATURE] Add automatic fallback to either read-only on the primary database or to the read-only database URI when the main database URI is not available and automatically switch back to the main database URI when it becomes available again
• [FEATURE] Add experimental support of HTTP/3 (QUIC)
• [FEATURE] Optimize the way the scheduler handles jobs and the way the jobs are executed
• [FEATURE] Optimize the way the cache files are being refreshed from the database
• [FEATURE] Add failover logic in case the NGINX configuration is not valid to fallback to the previous configuration and log the error to prevent the service from being stopped
• [UI] Force HTTPS on setup wizard
• [UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
• [UI] Force HTTPS even if UI is installed in advanced mode
• [UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
• [UI] Optimize the way the UI handles the requests and the responses
• [AUTOCONF] Refactor Autoconf config parsing and saving logic so that it doesn't override the scheduler or UI config every time
• [MISC] Update logger format and datefmt for better readability
• [DEPS] Updated NGINX version to v1.26.1
• [DEPS] Updated stream-lua-nginx-module version to the latest commit to incorporate the latest changes and fixes for NGINX v1.26
• [DEPS] Updated coreruleset-v4 version to v4.3.0
• [DEPS] Updated lua-resty-openssl version to v1.4.0

v1.5.7 - 2024/05/14

• [LINUX] Support Ubuntu 24.04 (Noble)
• [LINUX] Support RHEL 9.4 instead of 9.3
• [LINUX] Support hot reload with systemctl reload
• [BUGFIX] Fix rare error when the cache is not properly initialized and jobs are executed
• [BUGFIX] Fix bug when downloading new mmdb files
• [BUGFIX] Remove potential false positives with ModSecurity on the jobs page of the web UI
• [BUGFIX] Fix bwcli not working with Redis sentinel
• [BUGFIX] Fix potential issues when removing the bunkerweb Linux package
• [BUGFIX] Fix bug when antibot is enabled and User-Agent or IP address has changed
• [FEATURE] Add backup plugin to backup and restore easily the database
• [FEATURE] Add LETS_ENCRYPT_CLEAR_OLD_CERTS setting to control if old certificates should be removed when generating Let's Encrypt certificates (default is no)
• [FEATURE] Add DISABLE_DEFAULT_SERVER_STRICT_SNI setting to allow/block requests when SNI is unknown or unset (default is no)
• [UI] General : fix tooltip crop because of overflow
• [UI] General : fix select setting crop because of overflow and check if select is out of viewport to determine visible position
• [UI] General : show logs on UI when pre rendering issue
• [UI] General : Improve UI performance by using multiple workers for the web server and reducing the number of times we prompt a loading page
• [UI] General : handle word breaks on dynamic text content
• [UI] General : fix overflow issue with tables on Safari
• [UI] General : fix static resources issue with firefox leading to loop requests
• [UI] Global config : fix script error while fragment relate to a missing plugin
• [UI] Global config / services page : filtering settings now open plugin select to highlight remaining plugin
• [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
• [UI] Global config / services page : add order for settings to always respect the order defined in the plugin
• [UI] Services page : show any invalid setting value on setting modal and disabled save if case
• [UI] Reporting page : fix missing data and add new ones
• [UI] Account page : keep license key form even if pro register to easy update
• [UI] Wizard : Add the possibility to still configure reverse proxy even if an admin user already exists
• [AUTOCONF] Speedup autoconf process when we have multiple events in short period of time
• [DOCUMENTATION] Add upgrade procedure for 1.5.7+
• [DOCUMENTATION] Rename Migrating section to Upgrading
• [MISC] Drop support of ansible and vagrant integrations
• [MISC] Support custom bwcli commands using plugins
• [MISC] Add Docker labels in autoconf, bw, scheduler, and ui Dockerfiles
• [DEPS] Update Python base Docker image to version 3.12.3-alpine3.19
• [DEPS] Updated LuaJIT version to v2.1-20240314
• [DEPS] Updated lua-resty-openssl version to 1.3.1
• [DEPS] Updated coreruleset-v4 version to v4.2.0

v1.5.6 - 2024/03/25

• [LINUX] Support RHEL 9.3
• [BUGFIX] Fix issues with the antibot feature (#866, #870)
• [BUGFIX] Fix Bad behavior whitelist check in access phase
• [BUGFIX] Fix ModSecurity FP on antibot page
• [BUGFIX] Fix Whitelist core plugin missing a check for empty server_name in multisite mode
• [BUGFIX] Fix Templator missing some common configs
• [BUGFIX] Database update with external plugins reupload
• [BUGFIX] UI delete or edit multiple setting
• [LINUX] Add logrotate support for the logs
• [UI] New : add bans management page in the web UI
• [UI] New : add blocked requests page in the web UI
• [UI] New : some core plugins pages in the web UI
• [UI] General : enhance the Content-Security-Policy header in the web UI
• [UI] General : dark mode enhancement
• [UI] General : add visual feedback when filtering is matching nothing
• [UI] General : blog news working and add dynamic banner news
• [UI] Global config page : Add multisite edit, add context filter
• [UI] Global config / Service page : remove tabs for select and enhance filtering (plugin name, multiple settings and context now includes)
• [UI] Service page : add the possibility to clone a service in the web UI
• [UI] Service page : add the possibility to set a service as draft in the web UI
• [UI] Service page : add services filter when at least 4 services
• [UI] Configs page : add path filtering related to config presence, remove service when config is root only
• [UI] Pro license : add home card, show pro plugins on menu and plugins page, resume in account page, alert in case issue with license usage
• [UI] Log page : enhance UX
• [FEATURE] Add setting REDIS_SSL_VERIFY to activate/disable the SSL certificate verification when using Redis
• [FEATURE] Add Redis Sentinel fallback to master automatically if no slaves are available
• [FEATURE] Add Redis Sentinel support for bwcli
• [FEATURE] Add new Metrics core plugin that will allow metrics collection and retrieval of internal metrics
• [FEATURE] Add setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one
• [FEATURE] Add whitelist check for the default-server as well
• [FEATURE] Add the possibility to choose between the coreruleset v3 and v4 that will be used by ModSecurity (default is v3)
• [FEATURE] Add the TIMERS_LOG_LEVEL setting to control the log level of the lua timers
• [FEATURE] Add pro version management to core plugins, the scheduler and the web UI
• [FEATURE] Add REVERSE_PROXY_CUSTOM_HOST setting to set a custom Host header when using reverse proxy
• [MISC] Add a better custom certificate cache handling
• [MISC] Updated Linux base images in Dockerfiles
• [MISC] Add recommended dialects to databases string
• [MISC] Refine the data sent in the anonymous reporting feature and move the setting and the job to the "jobs" plugin
• [MISC] BunkerWeb will now load the default loading page even on 404 errors when generating the configuration
• [MISC] Update database schema to support the new pro version and optimize it
• [MISC] Refactor SSL/TLS logics to make it more consistent
• [MISC] Use ECDSA key instead of RSA for selfsigned/default/fallback certificates
• [MISC] Refactor certbot-new job to optimize the certbot requests
• [MISC] Refactor jobs utils to make it more consistent
• [MISC] Review jobs and utils to make it more consistent and better in general
• [MISC] Change BunkerWeb base Docker image to nginx:1.24.0-alpine-slim
• [DOCUMENTATION] Update web UI's setup wizard instructions in the documentation
• [DOCUMENTATION] Update plugins documentation to reflect the new plugin system
• [DOCUMENTATION] Update ModSecurity documentation to reflect the new changes in the Security Tuning section
• [DOCUMENTATION] Add pro version documentation
• [DEPS] Updated stream-lua-nginx-module to v0.0.14
• [DEPS] Updated lua-nginx-module version to v0.10.26
• [DEPS] Updated libmaxminddb version to v1.9.1
• [DEPS] Updated lua-resty-core to v0.1.28
• [DEPS] Updated zlib version to v1.3.1
• [DEPS] Updated ModSecurity version to v3.0.12
• [DEPS] Updated coreruleset version to v3.3.5
• [DEPS] Added coreruleset version v4.1.0
• [DEPS] Updated lua-resty-mlcache version to v2.7.0
• [DEPS] Updated lua-resty-openssl version to v1.2.1
• [DEPS] Updated lua-resty-http version to v0.17.2

v1.5.5 - 2024/01/12

• [BUGFIX] Fix issues with the database when upgrading from one version to a newer one
• [BUGFIX] Fix ModSecurity-nginx to make it work with brotli
• [BUGFIX] Remove certbot renew delay causing errors on k8s
• [BUGFIX] Fix missing custom modsec files when BW instances change
• [BUGFIX] Fix inconsistency on config changes when using Redis
• [BUGFIX] Fix web UI not working when using / URL
• [FEATURE] Add Anonymous reporting feature
• [FEATURE] Add support for fallback Referrer-Policies
• [FEATURE] Add 2FA support to web UI
• [FEATURE] Add username and password management to web UI
• [FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
• [FEATURE] Add support for Redis Sentinel
• [FEATURE] Add support for tls in Ingress definition
• [MISC] Fallback to default HTTPS certificate to prevent errors
• [MISC] Various internal improvements in LUA code
• [MISC] Check nginx configuration before reload
• [MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
• [DEPS] Updated ModSecurity to v3.0.11

v1.5.4 - 2023/12/04

• [UI] Add an optional setup wizard for the web UI
• [BUGFIX] Fix issues with the Linux integration and external databases
• [BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
• [LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
• [DOCKER] Handle start and stop event of BunkerWeb with the scheduler
• [MISC] Refactor database session handling to make it more stable with SQLite
• [MISC] Add conditional block for open file cache in nginx config
• [MISC] Updated core dependencies
• [MISC] Updated python dependencies
• [MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles

v1.5.3 - 2023/10/31

• [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
• [BUGFIX] Fix Custom configs not following the service name after an update on the UI
• [BUGFIX] Fix UI clearing configs folder at startup
• [BUGFIX] Fix Database not clearing old services when not using multisite
• [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
• [BUGFIX] Small fixes on linux paths creating unnecessary folders
• [BUGFIX] Fix ACME renewal fails on redirection enabled Service
• [BUGFIX] Fix errors when using a server name with multiple values in web UI
• [BUGFIX] Fix error when deleting a service that have custom configs on web UI
• [BUGFIX] Fix rare bug where database is locked
• [MISC] Updated core dependencies
• [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
• [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
• [MISC] Replaced gevent with gthread in UI for security reasons
• [MISC] Add HTML sanitization when injecting code in pages in the UI
• [MISC] Optimize the way the UI handles services creation and edition
• [MISC] Optimize certbot renew script to renew all domains in one command
• [MISC] Use capability instead of sudo in Linux
• [SECURITY] Init work on OpenSSF best practices

v1.5.2 - 2023/09/10

• [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
• [BUGFIX] Fix infinite loop when using autoconf
• [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
• [BUGFIX] Fix logs page not working in UI on Linux integrations
• [BUGFIX] Fix settings regex that had issues in general and with the UI
• [BUGFIX] Fix scheduler error with external plugins when reloading
• [BUGFIX] Fix permissions with folders in linux integrations
• [MISC] Push Docker images to GitHub packages (ghcr.io repository)
• [MISC] Improved CI/CD
• [MISC] Updated python dependencies
• [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
• [MISC] Add support for ModSecurity JSON LogFormat
• [MISC] Updated OWASP coreruleset to 3.3.5

v1.5.1 - 2023/08/08

• [BUGFIX] New version checker in logs displays "404 not found"
• [BUGFIX] New version checker in UI
• [BUGFIX] Only get the right keys from plugin.json files when importing plugins
• [BUGFIX] Remove external resources for Google fonts in UI
• [BUGFIX] Support multiple plugin uploads in one zip when using the UI
• [BUGFIX] Variable being ignored instead of saved in the database when value is empty
• [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
• [BUGFIX] Custom certificate bug after the refactoring
• [BUGFIX] Wrong variables in header phase (fix CORS feature too)
• [BUGFIX] UI not working in Ubuntu (python zope module)
• [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
• [BUGFIX] Custom configurations from env were not being deleted properly
• [BUGFIX] Missing concepts image not displayed in the documentation
• [BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
• [BUGFIX] Autoconf deadlock in k8s
• [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
• [BUGFIX] Infinite loop when sessions is not valid
• [BUGFIX] Missing valid LE certificates in edge cases
• [BUGFIX] Wrong service namespace in k8s
• [BUGFIX] DNS_RESOLVERS regex not accepting hostnames
• [PERFORMANCE] Reduce CPU and RAM usage of scheduler
• [PERFORMANCE] Cache ngx.ctx instead of loading it each time
• [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
• [FEATURE] Add Turnstile antibot mode
• [FEATURE] Add more CORS headers
• [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
• [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
• [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
• [FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
• [FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
• [DOCUMENTATION] Add timezone information
• [DOCUMENTATION] Add timezone informat
• [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
• [MISC] Temp remove VMWare provider for Vagrant integration
• [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
• [MISC] Move logs to /var/log/bunkerweb folder
• [MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql

v1.5.0 - 2023/05/23

• Refactoring of almost all the components of the project
• Dedicated scheduler service to manage jobs and configuration
• Store configuration in a database backend
• Improved web UI and make it working with all integrations
• Improved internal LUA code
• Improved internal cache of BW
• Add Redis support when using clustered integrations
• Add RHEL integration
• Add Vagrant integration
• Init support of generic TCP/UDP (stream)
• Init support of IPv6
• Improved CI/CD : UI tests, core tests and release automation
• Reduce Docker images size
• Fix and improved core plugins : antibot, cors, dnsbl, ...
• Use PCRE regex instead of LUA patterns
• Connectivity tests at startup/reload with logging

v1.5.0-beta - 2023/05/02

• Refactoring of almost all the components of the project
• Dedicated scheduler service to manage jobs and configuration
• Store configuration in a database backend
• Improved web UI and make it working with all integrations
• Improved internal LUA code
• Improved internal cache of BW
• Add Redis support when using clustered integrations
• Add RHEL integration
• Add Vagrant integration
• Init support of generic TCP/UDP (stream)
• Init support of IPv6
• Improved CI/CD : UI tests, core tests and release automation
• Reduce Docker images size
• Fix and improved core plugins : antibot, cors, dnsbl, ...
• Use PCRE regex instead of LUA patterns
• Connectivity tests at startup/reload with logging

v1.4.8 - 2023/04/05

• Fix UI bug related to multiple settings
• Increase check reload interval in UI to avoid rate limit
• Fix Let's Encrypt error when using auth basic
• Fix wrong setting name in realip job (again)
• Fix blog posts retrieval in the UI
• Fix missing logs for UI
• Fix error log if BunkerNet ip list is empty
• Updated python dependencies
• Gunicorn will now show the logs in the console for the UI
• BunkerNet job will now create the ip list file at the beginning of the job to avoid errors

v1.4.7 - 2023/02/27

• Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS (again)
• Fix wrong setting name in realip job
• Fix whitelisting not working with modsecurity

v1.4.6 - 2023/02/14

• Fix error in the UI when a service have multiple domains
• Fix bwcli bans command
• Fix documentation about Linux Fedora install
• Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS
• Add INTERCEPTED_ERROR_CODES setting

v1.4.5 - 2022/11/26

• Fix bwcli syntax error
• Fix UI not working using Linux integration
• Fix missing openssl dep in autoconf
• Fix typo in selfsigned job

v1.4.4 - 2022/11/10

• Fix k8s controller not watching the events when there is an exception
• Fix python dependencies bug in CentOS and Fedora
• Fix incorrect log when reloading nginx using Linux integration
• Fix UI dev mode, production mode is now the default
• Fix wrong exposed port in the UI container
• Fix endless loading in the UI
• Fix *CUSTOM_CONF* dissapear when jobs are executed
• Fix various typos in documentation
• Fix warning about StartLimitIntervalSec directive when using Linux
• Fix incorrect log when issuing certbot renew
• Fix certbot renew error when using Linux or Docker integration
• Add greylist core feature
• Add BLACKLIST_IGNORE_* settings
• Add automatic change of SecRequestBodyLimit modsec directive based on MAX_CLIENT_SIZE setting
• Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS settings
• Add manual ban and get bans to the API/CLI
• Add Brawdunoir community example
• Improve core plugins order and add documentation about it
• Improve overall documentation
• Improve CI/CD

v1.4.3 - 2022/08/26

• Fix various documentation errors/typos and add various enhancements
• Fix ui.env not read when using Linux integration
• Fix wrong variables.env path when using Linux integration
• Fix missing default server when TEMP_NGINX=yes
• Fix check if BunkerNet is activated on default server
• Fix request crash when mmdb lookup fails
• Fix bad behavior trigger when request is whitelisted
• Fix bad behavior not triggered when request is on default server
• Fix BW overriding config when config is already present
• Add Ansible integration in beta
• Add *CUSTOM_CONF* setting to automatically add custom config files from setting value
• Add DENY_HTTP_STATUS setting to choose standard 403 error page (default) or 444 to close connection when access is denied
• Add CORS (Cross-Origin Resource Sharing) core plugin
• Add documentation about Docker in rootless mode and podman
• Improve automatic tests setup
• Migrate CI/CD infrastructure to another provider

v1.4.2 - 2022/06/28

• Fix "too old resource version" exceptions when using k8s integration
• Fix missing bwcli command with Linux integration
• Fix various bugs with jobs scheduler when using autoconf/swarm/k8s
• Fix bwcli unban command when using Linux integration
• Fix permissions check when filename has a space
• Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
• Fix config files overwrite when using Docker autoconf
• Add EXTERNAL_PLUGIN_URLS setting to automatically download and install external plugins
• Add log_default() plugin hook
• Add various certbot-dns examples
• Add mattermost example
• Add radarr example
• Add Discord and Slack to list of official plugins
• Force NGINX version dependencies in Linux packages DEB/RPM

v1.4.1 - 2022/06/16

• Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
• Fix certbot bug when AUTOCONF_MODE=yes
• Fix certbot bug when MULTISITE=no
• Add reverse proxy timeouts settings
• Add auth_request settings
• Add authentik and authelia examples
• Prebuilt Docker images for arm64 and armv7
• Improve documentation for Linux integration
• Various fixes in the documentation

v1.4.0 - 2022/06/06

• Project renamed to BunkerWeb
• Internal architecture fully revised with a modular approach
• Improved CI/CD with automatic tests for multiple integrations
• Plugin improvement
• Volume improvement for container-based integrations
• Web UI improvement with various new features
• Web tool to generate settings from a user-friendly UI
• Linux packages
• Various bug fixes

v1.3.2 - 2021/10/24

• Use API instead of a shared folder for Swarm and Kubernetes integrations
• Beta integration of distributed bad IPs database through a remote API
• Improvement of the request limiting feature : hour/day rate and multiple URL support
• Various bug fixes related to antibot feature
• Init support of Arch Linux
• Fix Moodle example
• Fix ROOT_FOLDER bug in serve-files.conf when using the UI
• Update default values for PERMISSIONS_POLICY and FEATURE_POLICY
• Disable COUNTRY ban if IP is local

v1.3.1 - 2021/09/02

• Use ModSecurity v3.0.4 instead of v3.0.5 to fix memory leak
• Fix ignored variables to control jobs
• Fix bug when LISTEN_HTTP=no and MULTISITE=yes
• Add CUSTOM_HEADER variable
• Add REVERSE_PROXY_BUFFERING variable
• Add REVERSE_PROXY_KEEPALIVE variable
• Fix documentation for modsec and modsec-crs special folders

v1.3.0 - 2021/08/23

• Kubernetes integration in beta
• Linux integration in beta
• autoconf refactoring
• jobs refactoring
• UI refactoring
• UI security : login/password authentication and CRSF protection
• various dependencies updates
• move CrowdSec as an external plugin
• Authelia support
• improve various regexes
• add INJECT_BODY variable
• add WORKER_PROCESSES variable
• add USE_LETS_ENCRYPT_STAGING variable
• add LOCAL_PHP and LOCAL_PHP_PATH variables
• add REDIRECT_TO variable

v1.2.8 - 2021/07/22

• Fix broken links in README
• Fix regex for EMAIL_LETS_ENCRYPT
• Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
• Fix regex for SELF_SIGNED_*
• Fix various bugs related to web UI
• Fix bug in autoconf (missing instances parameter to reload function)
• Remove old .env files when generating a new configuration

v1.2.7 - 2021/06/14

• Add custom robots.txt and sitemap to RTD
• Fix missing GeoIP DB bug when using BLACKLIST/WHITELIST_COUNTRY
• Add underscore "_" to allowed chars for CUSTOM_HTTPS_CERT/KEY
• Fix bug when using automatic self-signed certificate
• Build and push images from GitHub actions instead of Docker Hub autobuild
• Display the reason when generator is ignoring a variable
• Various bug fixes related to certbot and jobs
• Split jobs into pre and post jobs
• Add HEALTHCHECK to image
• Fix race condition when using autoconf without Swarm by checking healthy state
• Bump modsecurity-nginx to v1.0.2
• Community chat with bridged platforms

v1.2.6 - 2021/06/06

• Move from "ghetto-style" shell scripts to generic jinja2 templating
• Init work on a basic plugins system
• Move ClamAV to external plugin
• Reduce image size by removing unnecessary dependencies
• Fix CrowdSec example
• Change some global variables to multisite
• Add LOG_LEVEL environment variable
• Read-only container support
• Improved antibot javascript with a basic proof of work
• Update nginx to 1.20.1
• Support of docker-socket-proxy with web UI
• Add certbot-cloudflare example
• Disable DNSBL checks when IP is local

v1.2.5 - 2021/05/14

• Performance improvement : move some nginx security checks to LUA and external blacklist parsing enhancement
• Init work on official documentation on readthedocs
• Fix default value for CONTENT_SECURITY_POLICY to allow file downloads
• Add ROOT_SITE_SUBFOLDER environment variable

TODO - retrospective changelog