Changelog:
- In reverse_proxy, the max_idle_conns_per_host option has been removed (both Caddyfile and JSON). For Caddyfile, basically the property was renamed to keepalive_idle_conns_per_host. In JSON, the property was simply removed, the keep_alive/max_idle_conns_per_host should be used instead. Previously, the Caddyfile subdirective set both MaxConnsPerHost and MaxIdleConnsPerHost, which was confusing; and the JSON properties overwrote each other, so one was removed.
- Security patch in the FastCGI transport that now sanitizes paths against directory traversal outside the site root.
- Fix canonicalization redirects in file_server. v2.4.2 introduced a bugfix for these redirects when used inside handle_path (i.e. rewriting the path by stripping a prefix), but caused a regression for many other use cases. This release includes a proper fix for all known, tested cases. Basically: these redirects are not issued if the filename of a path was rewritten internally.
- Refactor and export SanitizedPathJoin for use in fastcgi
- Don't persist parsed template
- Only redirect if filename not rewritten
- Fix overwriting of max_idle_conns_per_host.
Signed-off-by: Martin Reboredo <yakoyoku@gmail.com>