Releases: bunkerity/bunkerweb
v1.6.0-rc2
Documentation : https://docs.bunkerweb.io/1.6.0-rc2/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.0-rc2
orghcr.io/bunkerity/bunkerweb:1.6.0-rc2
- Scheduler :
bunkerity/bunkerweb-scheduler:1.6.0-rc2
orghcr.io/bunkerity/bunkerweb-scheduler:1.6.0-rc2
- Autoconf :
bunkerity/bunkerweb-autoconf:1.6.0-rc2
orghcr.io/bunkerity/bunkerweb-autoconf:1.6.0-rc2
- UI :
bunkerity/bunkerweb-ui:1.6.0-rc2
orghcr.io/bunkerity/bunkerweb-ui:1.6.0-rc2
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.0-rc2&filter=all&dist=
Changelog :
- [BUGFIX] Whitelisting a client no longer bypasses https redirect settings as the
ssl
plugin is now executed before thewhitelist
plugin - [UI] Fixed condition when validating the setup wizard form when a custom certificate is used
- [FEATURE] Add extra validation of certificates in
customcert
plugin - [FEATURE] Introduce new
SSL
plugin to manage SSL/TLS settings without tweaking themisc
plugin - [FEATURE] Add
stream
support inKubernetes
integration - [FEATURE] Renamed the
MODSECURITY_CRS_PLUGIN_URLS
setting toMODSECURITY_CRS_PLUGINS
to make it more consistent as the setting now accepts plugin names directly as well as URLs and automatically downloads them
[FEATURE] Addplugin_list
command tobwcli
for listing available plugins and their commands - [DOCS] Added Swarm deprecated notice in the documentation
- [DEPS] Added Brotli v1.1.0 dependency for ngx_brotli
- [DEPS] Updated headers-more-nginx-module version to v0.37
- [DEPS] Updated libinjection to latest commit on main branch
- [DEPS] Updated libmaxminddb version to v1.12.2
- [DEPS] Updated luajit2 version to v2.1-20250117
- [DEPS] Updated lua-nginx-module version to v0.10.28
- [DEPS] Updated lua-resty-core version to v0.1.31
- [DEPS] Updated lua-resty-dns version to v0.23
- [DEPS] Updated lua-resty-redis version to v0.31
- [DEPS] Updated ngx_brotli to latest commit on master branch
- [DEPS] Updated stream-lua-nginx-module version to v0.0.16
Testing
The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.
Documentation : https://docs.bunkerweb.io/testing/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:testing
orghcr.io/bunkerity/bunkerweb:testing
- Scheduler :
bunkerity/bunkerweb-scheduler:testing
orghcr.io/bunkerity/bunkerweb-scheduler:testing
- Autoconf :
bunkerity/bunkerweb-autoconf:testing
orghcr.io/bunkerity/bunkerweb-autoconf:testing
- UI :
bunkerity/bunkerweb-ui:testing
orghcr.io/bunkerity/bunkerweb-ui:testing
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=testing&filter=all&dist=
Please note that when using Linux Debian or Ubuntu integration, you will need to add the force-bad-version
directive to your /etc/dpkg/dpkg.cfg
file before installing the testing version of BunkerWeb.
v1.6.0-rc1
Documentation : https://docs.bunkerweb.io/1.6.0-rc1/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.0-rc1
orghcr.io/bunkerity/bunkerweb:1.6.0-rc1
- Scheduler :
bunkerity/bunkerweb-scheduler:1.6.0-rc1
orghcr.io/bunkerity/bunkerweb-scheduler:1.6.0-rc1
- Autoconf :
bunkerity/bunkerweb-autoconf:1.6.0-rc1
orghcr.io/bunkerity/bunkerweb-autoconf:1.6.0-rc1
- UI :
bunkerity/bunkerweb-ui:1.6.0-rc1
orghcr.io/bunkerity/bunkerweb-ui:1.6.0-rc1
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.0-rc1&filter=all&dist=
Changelog :
- [BUGFIX] Increase string length for service_id and id columns in database models to avoid issues with long service names
- [BUGFIX] Fix shenanigans with setup wizard when a reverse proxy was already configured
- [LINUX] Support Fedora 40 back and temporarily put aside Fedora 41 (there are issues when building the images)
- [UI] Add
CHECK_PRIVATE_IP
configuration to manage session IP address changes for private networks - [UI] Implement
ALWAYS_REMEMBER
functionality for session persistence in login - [UI] Add temporary UI service to show errors that occurred if any while web UI was starting up
- [FEATURE] Update regex for cookie flags validation to allow additional attributes
- [FEATURE] Add health check endpoint and integrate it into the scheduler for instance status monitoring
- [FEATURE] Add country tracking to bans data
- [FEATURE] Refactored the way the database migrations are handled to make it more reliable and faster using alembic
- [FEATURE] Add configurable limit for SecRequestBodyNoFilesLimit in ModSecurity via the
MODSECURITY_REQ_BODY_NO_FILES_LIMIT
setting - [FEATURE] Add multi-user support in
Auth basic
plugin - [FEATURE] Add support for TCP toggle listening in server-stream configuration (now UDP doesn't replace TCP when activated)
- [FEATURE] Made
LISTEN_STREAM_PORT
andLISTEN_STREAM_PORT_SSL
settings multiples to allow listening on multiple ports - [DEPRECATION] Remove
X-XSS-Protection
header from theheader
plugin as it is deprecated - [DEPS] Updated coreruleset-v4 version to v4.10.0
- [DEPS] Updated libmaxminddb version to v1.12.1
v1.6.0-beta
Documentation : https://docs.bunkerweb.io/1.6.0-beta/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.6.0-beta
orghcr.io/bunkerity/bunkerweb:1.6.0-beta
- Scheduler :
bunkerity/bunkerweb-scheduler:1.6.0-beta
orghcr.io/bunkerity/bunkerweb-scheduler:1.6.0-beta
- Autoconf :
bunkerity/bunkerweb-autoconf:1.6.0-beta
orghcr.io/bunkerity/bunkerweb-autoconf:1.6.0-beta
- UI :
bunkerity/bunkerweb-ui:1.6.0-beta
orghcr.io/bunkerity/bunkerweb-ui:1.6.0-beta
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.0-beta&filter=all&dist=
Changelog :
- [FEATURE] Add support for the Coreruleset plugins via the USE_MODSECURITY_CRS_PLUGINS and the MODSECURITY_CRS_PLUGIN_URLS settings (it automatically downloads and installs the plugins like with BunkerWeb's external plugins). plugins can also be added manually via custom configuration files
- [FEATURE] Add X_DNS_PREFETCH_CONTROL setting to control the DNS prefetching behavior via the X-DNS-Prefetch-Control header (default is off)
- [FEATURE] Add new
securitytxt
plugin to manage the security.txt file from settings and serve it - [FEATURE] Add new
REVERSE_PROXY_PASS_REQUEST_BODY
setting to control if the request body should be passed to the upstream server (default is yes) - [FEATURE] Jobs now have an history which the size can be controlled via the
DATABASE_MAX_JOBS_RUNS
setting (default is 10000) and it will be possible to see it in the web UI in a future release - [FEATURE] Add support for HTTP/3 connections limiting via the
HTTP3_CONNECTIONS_LIMIT
setting (default is 100) in thelimit
plugin - [FEATURE] Add new templating feature to allow to quickly override the default values of settings and custom configurations. You can also precise steps to follow in the UI to help the user configure services.
- [FEATURE] Optimized the way the scheduler sends the configuration to the instances to make it faster and more reliable using a ThreadPoolExecutor
- [FEATURE] Add the possibility to set a custom timezone for every service via the
TZ
environment variable (will apply to the logs and all date fields stored in the database). If not set, it will use the local timezone of the server. - [FEATURE] Add the possibility to run plugins job in async mode to avoid running them in order in the scheduler by setting the
async
key totrue
in the plugin job configuration (default isfalse
) - [FEATURE] Add Let's Encrypt DNS challenges support !
- [FEATURE] Add new
REMOTE_PHP_PORT
setting to control the port used by the remote PHP feature (default is 9000) - [SCHEDULER] Refactor the scheduler to use the
BUNKERWEB_INSTANCES
(previously known asOVERRIDE_INSTANCES
) environment variable instead of an integration specific system - [AUTOCONF] Add new
NAMESPACES
environment variable to allow setting the namespaces to watch for the autoconf feature which makes it possible to use multiple autoconf instances in the same cluster while keeping the configuration separated - [AUTOCONF] Add new
USE_KUBERNETES_FQDN
environment variable to allow using the full qualified domain name of the services in Kubernetes instead of the ip address for the hostname of instances (default is yes) - [LINUX] Support Fedora 41 and drop support of Fedora 40
- [UI] Start refactoring the UI to make it more modular and easier to maintain
- [UI] Add a
remember me
feature to the login page so that the user can stay logged in for a longer period of time (expires after 31 days) - [UI] Add new
TOTP_SECRETS
setting to encrypt the TOTP secrets in the database (if not set, we generate a random amount of secrets via passlib.totp) - โ We highly recommend setting this setting to a custom value to prevent the secrets from being erased when the volumes are deleted - [UI] Start adding roles and permissions to the UI to allow different users to have different permissions in a multi-user environment for the near future
- [UI] Made 2FA feature more user-friendly and added recovery codes in case of lost access to the 2FA device
- [UI] Refactored the way we handle logs in the UI to make it so that it no longer relies on Integration specific logics and instead always reads the files present in the
/var/log/bunkerweb
folder - [DOCS] Updated docs for all new features and changes
- [MISC] Review security headers in the
headers
plugin to improve security - [MISC] Updated context of
realip
'sUSE_PROXY_PROTOCOL
setting toglobal
as it was always applied globally even if set only on a service - [DEPS] Updated lua-resty-core version to v0.1.30
- [DEPS] Updated lua-resty-lrucache version to v0.15
- [DEPS] Updated LuaJIT version to v2.1-20241113
- [DEPS] Updated Mbed TLS version to v3.6.2
- [DEPS] Updated coreruleset-v4 version to v4.9.0
v1.5.12
Documentation : https://docs.bunkerweb.io/1.5.12/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.12
orghcr.io/bunkerity/bunkerweb:1.5.12
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.12
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.12
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.12
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.12
- UI :
bunkerity/bunkerweb-ui:1.5.12
orghcr.io/bunkerity/bunkerweb-ui:1.5.12
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.12&filter=all&dist=
Changelog :
- [SECURITY] Fix CVE-2024-53254
- [UI] Fix issues in several pages because of a wrong key being used to fetch the data
v1.5.11
Documentation : https://docs.bunkerweb.io/1.5.11/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.11
orghcr.io/bunkerity/bunkerweb:1.5.11
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.11
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.11
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.11
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.11
- UI :
bunkerity/bunkerweb-ui:1.5.11
orghcr.io/bunkerity/bunkerweb-ui:1.5.11
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.11&filter=all&dist=
Changelog :
- [BUGFIX] Fix INTERCEPTED_ERROR_CODES to allow empty value
- [UI] Fix missing settings when a service is published online
- [UI] Fix instances always down in instances page
- [AUTOCONF] Fix BW env vars not retrieved
- [AUTOCONF] Fix deadlock on k8s events when there is no ingress
- [LINUX] Increase default worker dict size to avoid crash on RPI
- [MISC] Add WORKERLOCK_MEMORY_SIZE setting for worker dict size
- [MISC] Add API_TIMEOUT and API_READ_TIMEOUT settings to control API timeouts
- [DEPS] Updated coreruleset-v4 version to v4.8.0
- [DEPS] Updated coreruleset-v3 version to v3.3.7
v1.5.10
Documentation : https://docs.bunkerweb.io/1.5.10/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.10
orghcr.io/bunkerity/bunkerweb:1.5.10
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.10
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.10
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.10
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.10
- UI :
bunkerity/bunkerweb-ui:1.5.10
orghcr.io/bunkerity/bunkerweb-ui:1.5.10
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.10&filter=all&dist=
Changelog :
- [UI] Fix setup wizard bug related to certificate
- [UI] Fix bug when adding more than 3 reverse proxies URLs
- [UI] Fix wrong type for REVERSE_PROXY_SSL_SNI_NAME setting
- [BUGFIX] Add HTTP3 specific modsec rule in web UI to avoid false positives
- [BUGFIX] Fix missing scheduler logs in Linux integration
- [BUGFIX] Add missing REPORT HTTP method to ALLOWED_METHODS setting
- [DEPS] Updated NGINX version to v1.26.2
- [DEPS] Updated LuaJIT version to v2.1-20240815
- [DEPS] Updated libmaxminddb version to v1.11.0
- [DEPS] Updated lua-cjson to latest commit for the version v2.1.0.14
- [DEPS] Updated lua-nginx-module version to v0.10.27
- [DEPS] Updated lua-resty-core version to v0.1.29
- [DEPS] Updated lua-resty-lrucache version to v0.14
- [DEPS] Updated lua-resty-openssl version to v1.5.1
- [DEPS] Updated lua-resty-signal version to v0.04
- [DEPS] Updated lua-resty-string version to v0.16
- [DEPS] Updated stream-lua-nginx-module version to v0.0.15
- [DEPS] Updated coreruleset-v4 version to v4.6.0
- [DEPS] Updated coreruleset-v3 version to v3.3.6
- [DEPS] Updated ModSecurity version to v3.0.13
- [DEPS] Start managing Mbed TLS as a dependency for ModSecurity (v3.6.1)
v1.5.9
Documentation : https://docs.bunkerweb.io/1.5.9/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.9
orghcr.io/bunkerity/bunkerweb:1.5.9
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.9
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.9
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.9
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.9
- UI :
bunkerity/bunkerweb-ui:1.5.9
orghcr.io/bunkerity/bunkerweb-ui:1.5.9
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.9&filter=all&dist=
Changelog :
- [BUGFIX] Fix compatibility issues with mysql 8.4+ version and the
backup
plugin by adding themariadb-connector-c
dependency to the scheduler Dockerfile (on alpine) - [BUGFIX] Fix potential issues with multiple settings in helpers.load_variables when multiple settings have the same suffix (the issue is only present in future external plugins)
- [BUGFIX] Fix issues with kubernetes integration when were setting a global multisite setting it was not applied to the services
- [FEATURE] Add REVERSE_PROXY_SSL_SNI and REVERSE_PROXY_SSL_SNI_NAME to support SNI-based upstreams
- [UI] Update web UI setup wizard to handle when a reverse proxy already exists but no admin user is configured
- [UI] Fix issues with multiple settings on the global_config not being able to be deleted in specific cases
- [AUTOCONF] Fix issues with globally set settings overridden by default values not being saved correctly in database
- [LINUX] Update Linux repository to repo.bunkerweb.io
- [SECURITY] Update security headers in default pages and error pages for improved security
- [DEPS] Updated LuaJIT version to v2.1-20240626
- [DEPS] Updated coreruleset-v4 version to v4.5.0
v1.5.8
Documentation : https://docs.bunkerweb.io/1.5.8/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.8
orghcr.io/bunkerity/bunkerweb:1.5.8
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.8
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.8
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.8
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.8
- UI :
bunkerity/bunkerweb-ui:1.5.8
orghcr.io/bunkerity/bunkerweb-ui:1.5.8
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.8&filter=all&dist=
Changelog :
- [LINUX] Support Fedora 40 and drop support of Fedora 39
- [BUGFIX] Fix potential errors when upgrading from a previous version
- [BUGFIX] Fix rare bug on the web UI when editing the SERVER_NAME setting of a service
- [BUGFIX] Fix potential race conditions between the autoconf and the scheduler waiting for each other indefinitely
- [BUGFIX] Fix Let's Encrypt certificate renewal when a certificate date changes by forcing the renewal
- [BUGFIX] Fix issues with k8s integration and the save_config.py script
- [FEATURE] Add nightly build of the OWASP coreruleset that are automatically downloaded and updated
- [FEATURE] Enhance security on error pages, default server page and loading page by adding a custom
Content-Security-Policy
header with nonces and removing theServer
header - [FEATURE] Add new DATABASE_URI_READONLY setting to allow setting up a fallback read-only database URI in case the main database URI is not available
- [FEATURE] Add automatic fallback to either read-only on the primary database or to the read-only database URI when the main database URI is not available and automatically switch back to the main database URI when it becomes available again
- [FEATURE] Add experimental support of HTTP/3 (QUIC)
- [FEATURE] Optimize the way the scheduler handles jobs and the way the jobs are executed
- [FEATURE] Optimize the way the cache files are being refreshed from the database
- [FEATURE] Add failover logic in case the NGINX configuration is not valid to fallback to the previous configuration and log the error to prevent the service from being stopped
- [UI] Force HTTPS on setup wizard
- [UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
- [UI] Force HTTPS even if UI is installed in advanced mode
- [UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
- [UI] Optimize the way the UI handles the requests and the responses
- [AUTOCONF] Refactor Autoconf config parsing and saving logic so that it doesn't override the scheduler or UI config every time
- [MISC] Update logger format and datefmt for better readability
- [DEPS] Updated NGINX version to v1.26.1
- [DEPS] Updated stream-lua-nginx-module version to the latest commit to incorporate the latest changes and fixes for NGINX v1.26
- [DEPS] Updated coreruleset-v4 version to v4.3.0
- [DEPS] Updated lua-resty-openssl version to v1.4.0
v1.5.7
Documentation : https://docs.bunkerweb.io/1.5.7/
Docker tags :
- BunkerWeb :
bunkerity/bunkerweb:1.5.7
orghcr.io/bunkerity/bunkerweb:1.5.7
- Scheduler :
bunkerity/bunkerweb-scheduler:1.5.7
orghcr.io/bunkerity/bunkerweb-scheduler:1.5.7
- Autoconf :
bunkerity/bunkerweb-autoconf:1.5.7
orghcr.io/bunkerity/bunkerweb-autoconf:1.5.7
- UI :
bunkerity/bunkerweb-ui:1.5.7
orghcr.io/bunkerity/bunkerweb-ui:1.5.7
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.7&filter=all&dist=
Changelog :
- [LINUX] Support Ubuntu 24.04 (Noble)
- [LINUX] Support RHEL 9.4 instead of 9.3
- [LINUX] Support hot reload with systemctl reload
- [BUGFIX] Fix rare error when the cache is not properly initialized and jobs are executed
- [BUGFIX] Fix bug when downloading new mmdb files
- [BUGFIX] Remove potential false positives with ModSecurity on the jobs page of the web UI
- [BUGFIX] Fix bwcli not working with Redis sentinel
- [BUGFIX] Fix potential issues when removing the bunkerweb Linux package
- [BUGFIX] Fix bug when antibot is enabled and User-Agent or IP address has changed
- [FEATURE] Add backup plugin to backup and restore easily the database
- [FEATURE] Add LETS_ENCRYPT_CLEAR_OLD_CERTS setting to control if old certificates should be removed when generating Let's Encrypt certificates (default is no)
- [FEATURE] Add DISABLE_DEFAULT_SERVER_STRICT_SNI setting to allow/block requests when SNI is unknown or unset (default is no)
- [UI] General : fix tooltip crop because of overflow
- [UI] General : fix select setting crop because of overflow and check if select is out of viewport to determine visible position
- [UI] General : show logs on UI when pre rendering issue
- [UI] General : Improve UI performance by using multiple workers for the web server and reducing the number of times we prompt a loading page
- [UI] General : handle word breaks on dynamic text content
- [UI] General : fix overflow issue with tables on Safari
- [UI] General : fix static resources issue with firefox leading to loop requests
- [UI] Global config : fix script error while fragment relate to a missing plugin
- [UI] Global config / services page : filtering settings now open plugin select to highlight remaining plugin
- [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
- [UI] Global config / services page : add order for settings to always respect the order defined in the plugin
- [UI] Services page : show any invalid setting value on setting modal and disabled save if case
- [UI] Reporting page : fix missing data and add new ones
- [UI] Account page : keep license key form even if pro register to easy update
- [UI] Wizard : Add the possibility to still configure reverse proxy even if an admin user already exists
- [AUTOCONF] Speedup autoconf process when we have multiple events in short period of time
- [DOCUMENTATION] Add upgrade procedure for 1.5.7+
- [DOCUMENTATION] Rename Migrating section to Upgrading
- [MISC] Drop support of ansible and vagrant integrations
- [MISC] Support custom bwcli commands using plugins
- [MISC] Add Docker labels in autoconf, bw, scheduler, and ui Dockerfiles
- [DEPS] Update Python base Docker image to version 3.12.3-alpine3.19
- [DEPS] Updated LuaJIT version to v2.1-20240314
- [DEPS] Updated lua-resty-openssl version to 1.3.1
- [DEPS] Updated coreruleset-v4 version to v4.2.0