v1.5.6

Documentation : https://docs.bunkerweb.io/1.5.6/

Docker tags :

• BunkerWeb : bunkerity/bunkerweb:1.5.6 or ghcr.io/bunkerity/bunkerweb:1.5.6
• Scheduler : bunkerity/bunkerweb-scheduler:1.5.6 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.6
• Autoconf : bunkerity/bunkerweb-autoconf:1.5.6 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.6
• UI : bunkerity/bunkerweb-ui:1.5.6 or ghcr.io/bunkerity/bunkerweb-ui:1.5.6

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.6&filter=all&dist=

Changelog :

• [LINUX] Support RHEL 9.3
• [BUGFIX] Fix issues with the antibot feature (#866, #870)
• [BUGFIX] Fix Bad behavior whitelist check in access phase
• [BUGFIX] Fix ModSecurity FP on antibot page
• [BUGFIX] Fix Whitelist core plugin missing a check for empty server_name in multisite mode
• [BUGFIX] Fix Templator missing some common configs
• [BUGFIX] Database update with external plugins reupload
• [BUGFIX] UI delete or edit multiple setting
• [LINUX] Add logrotate support for the logs
• [UI] New : add bans management page in the web UI
• [UI] New : add blocked requests page in the web UI
• [UI] New : some core plugins pages in the web UI
• [UI] General : enhance the Content-Security-Policy header in the web UI
• [UI] General : dark mode enhancement
• [UI] General : add visual feedback when filtering is matching nothing
• [UI] General : blog news working and add dynamic banner news
• [UI] Global config page : Add multisite edit, add context filter
• [UI] Global config / Service page : remove tabs for select and enhance filtering (plugin name, multiple settings and context now includes)
• [UI] Service page : add the possibility to clone a service in the web UI
• [UI] Service page : add the possibility to set a service as draft in the web UI
• [UI] Service page : add services filter when at least 4 services
• [UI] Configs page : add path filtering related to config presence, remove service when config is root only
• [UI] Pro license : add home card, show pro plugins on menu and plugins page, resume in account page, alert in case issue with license usage
• [UI] Log page : enhance UX
• [FEATURE] Add setting REDIS_SSL_VERIFY to activate/disable the SSL certificate verification when using Redis
• [FEATURE] Add Redis Sentinel fallback to master automatically if no slaves are available
• [FEATURE] Add Redis Sentinel support for bwcli
• [FEATURE] Add new Metrics core plugin that will allow metrics collection and retrieval of internal metrics
• [FEATURE] Add setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one
• [FEATURE] Add whitelist check for the default-server as well
• [FEATURE] Add the possibility to choose between the coreruleset v3 and v4 that will be used by ModSecurity (default is v3)
• [FEATURE] Add the TIMERS_LOG_LEVEL setting to control the log level of the lua timers
• [FEATURE] Add pro version management to core plugins, the scheduler and the web UI
• [FEATURE] Add REVERSE_PROXY_CUSTOM_HOST setting to set a custom Host header when using reverse proxy
• [MISC] Add a better custom certificate cache handling
• [MISC] Updated Linux base images in Dockerfiles
• [MISC] Add recommended dialects to databases string
• [MISC] Refine the data sent in the anonymous reporting feature and move the setting and the job to the "jobs" plugin
• [MISC] BunkerWeb will now load the default loading page even on 404 errors when generating the configuration
• [MISC] Update database schema to support the new pro version and optimize it
• [MISC] Refactor SSL/TLS logics to make it more consistent
• [MISC] Use ECDSA key instead of RSA for selfsigned/default/fallback certificates
• [MISC] Refactor certbot-new job to optimize the certbot requests
• [MISC] Refactor jobs utils to make it more consistent
• [MISC] Review jobs and utils to make it more consistent and better in general
• [MISC] Change BunkerWeb base Docker image to nginx:1.24.0-alpine-slim
• [DOCUMENTATION] Update web UI's setup wizard instructions in the documentation
• [DOCUMENTATION] Update plugins documentation to reflect the new plugin system
• [DOCUMENTATION] Update ModSecurity documentation to reflect the new changes in the Security Tuning section
• [DOCUMENTATION] Add pro version documentation
• [DEPS] Updated stream-lua-nginx-module to v0.0.14
• [DEPS] Updated lua-nginx-module version to v0.10.26
• [DEPS] Updated libmaxminddb version to v1.9.1
• [DEPS] Updated lua-resty-core to v0.1.28
• [DEPS] Updated zlib version to v1.3.1
• [DEPS] Updated ModSecurity version to v3.0.12
• [DEPS] Updated coreruleset version to v3.3.5
• [DEPS] Added coreruleset version v4.1.0
• [DEPS] Updated lua-resty-mlcache version to v2.7.0
• [DEPS] Updated lua-resty-openssl version to v1.2.1
• [DEPS] Updated lua-resty-http version to v0.17.2

v1.5.5

Documentation : https://docs.bunkerweb.io/1.5.5/

Docker tags :

• BunkerWeb : bunkerity/bunkerweb:1.5.5 or ghcr.io/bunkerity/bunkerweb:1.5.5
• Scheduler : bunkerity/bunkerweb-scheduler:1.5.5 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.5
• Autoconf : bunkerity/bunkerweb-autoconf:1.5.5 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.5
• UI : bunkerity/bunkerweb-ui:1.5.5 or ghcr.io/bunkerity/bunkerweb-ui:1.5.5

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.5&filter=all&dist=

Changelog :

• [BUGFIX] Fix issues with the database when upgrading from version 1.5.3 and 1.5.4 to the most recent version
• [BUGFIX] Fix ModSecurity-nginx to make it work with brotli
• [BUGFIX] Remove certbot renew delay causing errors on k8s
• [BUGFIX] Fix missing custom modsec files when BW instances change
• [BUGFIX] Fix inconsistency on config changes when using Redis
• [BUGFIX] Fix web UI not working when using / URL
• [FEATURE] Add Anonymous reporting feature
• [FEATURE] Add support for fallback Referrer-Policies
• [FEATURE] Add 2FA support to web UI
• [FEATURE] Add username and password management to web UI
• [FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
• [FEATURE] Add support for Redis Sentinel
• [FEATURE] Add support for tls in Ingress definition
• [MISC] Fallback to default HTTPS certificate to prevent errors
• [MISC] Various internal improvements in LUA code
• [MISC] Check nginx configuration before reload
• [MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
• [MISC] Switch gunicorn worker_class back to gevent in web UI
• [DEPS] Updated ModSecurity to v3.0.11

v1.5.4

Documentation : https://docs.bunkerweb.io/1.5.4/

Docker tags :

• BunkerWeb : bunkerity/bunkerweb:1.5.4 or ghcr.io/bunkerity/bunkerweb:1.5.4
• Scheduler : bunkerity/bunkerweb-scheduler:1.5.4 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.4
• Autoconf : bunkerity/bunkerweb-autoconf:1.5.4 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.4
• UI : bunkerity/bunkerweb-ui:1.5.4 or ghcr.io/bunkerity/bunkerweb-ui:1.5.4

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.4&filter=all&dist=

Changelog :

• [UI] Add an optional setup wizard for the web UI
• [BUGFIX] Fix issues with the Linux integration and external databases
• [BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
• [LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
• [DOCKER] Handle start and stop event of BunkerWeb with the scheduler
• [MISC] Refactor database session handling to make it more stable with SQLite
• [MISC] Add conditional block for open file cache in nginx config
• [MISC] Updated core dependencies
• [MISC] Updated python dependencies
• [MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles

v1.5.3

Documentation : https://docs.bunkerweb.io/1.5.3/

Docker tags :

• BunkerWeb : bunkerity/bunkerweb:1.5.3 or ghcr.io/bunkerity/bunkerweb:1.5.3
• Scheduler : bunkerity/bunkerweb-scheduler:1.5.3 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.3
• Autoconf : bunkerity/bunkerweb-autoconf:1.5.3 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.3
• UI : bunkerity/bunkerweb-ui:1.5.3 or ghcr.io/bunkerity/bunkerweb-ui:1.5.3

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.3&filter=all&dist=

Changelog :

• [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
• [BUGFIX] Fix Custom configs not following the service name after an update on the UI
• [BUGFIX] Fix UI clearing configs folder at startup
• [BUGFIX] Fix Database not clearing old services when not using multisite
• [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
• [BUGFIX] Small fixes on linux paths creating unnecessary folders
• [BUGFIX] Fix ACME renewal fails on redirection enabled Service
• [BUGFIX] Fix errors when using a server name with multiple values in web UI
• [BUGFIX] Fix error when deleting a service that have custom configs on web UI
• [BUGFIX] Fix rare bug where database is locked
• [MISC] Updated core dependencies
• [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
• [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
• [MISC] Replaced gevent with gthread in UI for security reasons
• [MISC] Add HTML sanitization when injecting code in pages in the UI
• [MISC] Optimize the way the UI handles services creation and edition
• [MISC] Optimize certbot renew script to renew all domains in one command
• [MISC] Use capability instead of sudo in Linux
• [SECURITY] Init work on OpenSSF best practices

v1.5.2

Documentation : https://docs.bunkerweb.io/1.5.2/

Docker tags :

• BunkerWeb : bunkerity/bunkerweb:1.5.2 or ghcr.io/bunkerity/bunkerweb:1.5.2
• Scheduler : bunkerity/bunkerweb-scheduler:1.5.2 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.2
• Autoconf : bunkerity/bunkerweb-autoconf:1.5.2 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.2
• UI : bunkerity/bunkerweb-ui:1.5.2 or ghcr.io/bunkerity/bunkerweb-ui:1.5.2

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.2&filter=all&dist=

Changelog :

• [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
• [BUGFIX] Fix infinite loop when using autoconf
• [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
• [BUGFIX] Fix logs page not working in UI on Linux integrations
• [BUGFIX] Fix settings regex that had issues in general and with the UI
• [BUGFIX] Fix scheduler error with external plugins when reloading
• [BUGFIX] Fix permissions with folders in linux integrations
• [MISC] Push Docker images to GitHub packages (ghcr.io repository)
• [MISC] Improved CI/CD
• [MISC] Updated python dependencies
• [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
• [MISC] Add support for ModSecurity JSON LogFormat
• [MISC] Updated OWASP coreruleset to 3.3.5

v1.5.1

Documentation : https://docs.bunkerweb.io/1.5.1/

Docker tags :

• bunkerity/bunkerweb:1.5.1
• bunkerity/bunkerweb-scheduler:1.5.1
• bunkerity/bunkerweb-autoconf:1.5.1
• bunkerity/bunkerweb-ui:1.5.1

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.1&filter=all&dist=

Changelog :

• [BUGFIX] New version checker in logs displays "404 not found"
• [BUGFIX] New version checker in UI
• [BUGFIX] Only get the right keys from plugin.json files when importing plugins
• [BUGFIX] Remove external resources for Google fonts in UI
• [BUGFIX] Support multiple plugin uploads in one zip when using the UI
• [BUGFIX] Variable being ignored instead of saved in the database when value is empty
• [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
• [BUGFIX] Custom certificate bug after the refactoring
• [BUGFIX] Wrong variables in header phase (fix CORS feature too)
• [BUGFIX] UI not working in Ubuntu (python zope module)
• [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
• [BUGFIX] Custom configurations from env were not being deleted properly
• [BUGFIX] Missing concepts image not displayed in the documentation
• [BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
• [BUGFIX] Autoconf deadlock in k8s
• [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
• [BUGFIX] Infinite loop when sessions is not valid
• [BUGFIX] Missing valid LE certificates in edge cases
• [BUGFIX] Wrong service namespace in k8s
• [BUGFIX] DNS_RESOLVERS regex not accepting hostnames
• [PERFORMANCE] Reduce CPU and RAM usage of scheduler
• [PERFORMANCE] Cache ngx.ctx instead of loading it each time
• [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
• [FEATURE] Add Turnstile antibot mode
• [FEATURE] Add more CORS headers
• [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
• [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
• [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
• [FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
• [FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
• [DOCUMENTATION] Add timezone information
• [DOCUMENTATION] Add timezone informat
• [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
• [MISC] Temp remove VMWare provider for Vagrant integration
• [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
• [MISC] Move logs to /var/log/bunkerweb folder
• [MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql

v1.5.0

Documentation : https://docs.bunkerweb.io/1.5.0/

Docker tags :

• bunkerity/bunkerweb:1.5.0
• bunkerity/bunkerweb-scheduler:1.5.0
• bunkerity/bunkerweb-autoconf:1.5.0
• bunkerity/bunkerweb-ui:1.5.0

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.0&filter=all&dist=

Changelog :

• Refactoring of almost all the components of the project
• Dedicated scheduler service to manage jobs and configuration
• Store configuration in a database backend
• Improved web UI and make it working with all integrations
• Improved internal LUA code
• Improved internal cache of BW
• Add Redis support when using clustered integrations
• Add RHEL integration
• Add Vagrant integration
• Init support of generic TCP/UDP (stream)
• Init support of IPv6
• Improved CI/CD : UI tests, core tests and release automation
• Reduce Docker images size
• Fix and improved core plugins : antibot, cors, dnsbl, ...
• Use PCRE regex instead of LUA patterns
• Connectivity tests at startup/reload with logging

v1.5.0-beta

Documentation : https://docs.bunkerweb.io/1.5.0-beta/

Docker tags :

• bunkerity/bunkerweb:1.5.0-beta
• bunkerity/bunkerweb-scheduler:1.5.0-beta
• bunkerity/bunkerweb-autoconf:1.5.0-beta
• bunkerity/bunkerweb-ui:1.5.0-beta

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.0-beta&filter=all&dist=

Changelog :

• Refactoring of almost all the components of the project
• Dedicated scheduler service to manage jobs and configuration
• Store configuration in a database backend
• Improved web UI and make it working with all integrations
• Improved internal LUA code
• Add Redis support when using clustered integrations
• Add RHEL integration
• Add Vagrant integration
• Improved CI/CD

v1.4.8

Documentation : https://docs.bunkerweb.io/1.4/

Docker tags :

• bunkerity/bunkerweb:1.4.8
• bunkerity/bunkerweb-autoconf:1.4.8
• bunkerity/bunkerweb-ui:1.4.8

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.4.8&filter=all&dist=

Changelog :

• Fix UI bug related to multiple settings
• Increase check reload interval in UI to avoid rate limit
• Fix Let's Encrypt error when using auth basic
• Fix wrong setting name in realip job (again)
• Fix blog posts retrieval in the UI
• Fix missing logs for UI
• Fix error log if BunkerNet ip list is empty
• Updated python dependencies
• Gunicorn will now show the logs in the console for the UI
• BunkerNet job will now create the ip list file at the beginning of the job to avoid errors

v1.4.7

Documentation : https://docs.bunkerweb.io/1.4/

Docker tags :

• bunkerity/bunkerweb:1.4.7
• bunkerity/bunkerweb-autoconf:1.4.7
• bunkerity/bunkerweb-ui:1.4.7

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.4.7&filter=all&dist=

Changelog :

• Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS (again)
• Fix wrong setting name in realip job
• Fix whitelisting not working with modsecurity