Ændringslog

Udgivet 23. juni 2026

• +Flytter inherited global/vhost compression policy into the native HTTP/1 proxy-lag-lag and route proxy-lag-lag
• +Merges root/vhost/route header-policy inheritance into native route proxy-lag-lag construction
• +Flytter safe forwarded-client-IP ownership, trusted-chain append, regex rewrites, ACL'er, concurrency og rate limits over på native path
• +Tilføjer native ACME HTTP-01 challenge serving, traffic mirroring, auth-request, and route-scoped gRPC validation

Udgivet 21. juni 2026

• +Flytter route-level native response compression onto the HTTP/1 route proxy-lag-lag through fluxheim-compression
• +Flytter proxy-lag-lag.error_pages onto native HTTP/1 proxy-lag-lag fallback-sider understøttet af fluxheim-web

Udgivet 21. juni 2026

• +Tilføjer native HTTP/1 route static-web serving backed by fluxheim-web
• +Tilføjer route request-header mutation, response rewrites, static upstream round-robin, and static upstream weights to the native route proxy-lag-lag

Udgivet 21. juni 2026

• +Tilføjer native route redirect actions with safe {uri}, {path}, and {query} expansion
• +Flytter route body limits and response-header overlays onto native HTTP/1 route proxy-lag-lag responses

Udgivet 21. juni 2026

• +Tilføjer native HTTP/1 route-proxy-lag-lag execution for exact, prefix, and fallback routes with method filters and safe rewrite handling
• +Tilføjer native-http1-proxy-lag-lag-candidate rækker til runtime cutover evidence, så resterende compatibility blockers er eksplicitte

Udgivet 20. juni 2026

• +Promoverer native HTTP/2 downstream safety preview til cutover-ready efter fokuserede parity-tests
• +Gør den representative native runtime cutover report blocker-free for simple HTTP/1, HTTP/2, admin, metrics, stream og UDP configurations

Udgivet 20. juni 2026

• +Cuts stream and UDP proxy-lag-lag service startup over to Fluxheim-owned native task boundaries
• +Tilføjer cancellation-safe native shutdown waiting and abort-on-cancel background task joins

Udgivet 20. juni 2026

• +Starts native admin and metrics serving behind Fluxheim-owned server primitives
• +Hardener native background handles, så dropped critical handles aborter i stedet for tavst at detach'e tasks

Udgivet 20. juni 2026

• +Tilføjer NativeBackgroundSupervisor til Fluxheim-owned background task orchestration
• +Tilføjer critical task watchdog support and hardens shutdown delivery edge cases

Udgivet 20. juni 2026

• +Tilføjer native runtime cutover evidence gates and fluxheim-config-tester-værktøj-værktøj --runtime-cutover
• +Flytter remaining Pingora exception targets to a documented multi-release exit plan while keeping policy gates active

Udgivet 19. juni 2026

• +Tilføjer eksplicit pingora-compat feature gating for den resterende compatibility runtime boundary
• +Flytter rustls/OpenSSL downstream TLS SNI, certificate storage, reload, PEM parsing, and native HTTP/1 TLS listener previews into Fluxheim-owned code

Udgivet 19. juni 2026

• +Fortsætter Pingora-exit-slicen ved at reducere den resterende root compatibility-surface for proxy-lag-lag-, cache-lag-lag- og runtime-paths
• +Splitter native health checks i HTTP/gRPC-, database-, exec- og TCP/TLS-transport helper-moduler med strengere probe-grænser

Udgivet 19. juni 2026

• +Fjerner den direkte Pingora-dependency fra fluxheim-load-balancer-variant-variant
• +Tilføjer Fluxheim-owned bounded HTTP/1.1 og h2 gRPC active health checks med policy coverage for at forhindre Pingora-genindførsel

Udgivet 19. juni 2026

• +Tilføjer native HTTP/1.1 proxy-lag-lag cutover readiness-planning på ServerPlan
• +Fail-closed for compatibility-only proxy-lag-lag features som auth subrequests, mirroring, redirects, strip/rewrite transforms og advanced load-balancer-variant-variant policy

Udgivet 18. juni 2026

• +Tilføjer en Fluxheim-owned native HTTP/2 upstream client primitive med bounded headers, bodies, trailers og deadlines
• +Tilføjer h2 client/server-tests for trailer preservation, oversized responses, stream resets og flow-control timeout behavior

Udgivet 18. juni 2026

• +Tilføjer native rustls/OpenSSL upstream TLS og mTLS-support til den staged HTTP/1.1 proxy-lag-lag path
• +Tilføjer ordered static upstream failover for sikre metoder plus bounded no-follow TLS material reads og hostname-policy coverage

Udgivet 18. juni 2026

• +Tilføjer bounded native HTTP/1.1 upstream connection pooling for sikre content-length og no-body origin responses
• +Tilføjer keepalive pool sizing, upstream idle timeout handling, konservative no-reuse guards og ægte socket reuse/expiry-tests

Udgivet 18. juni 2026

• +Tilføjer genbrugelige native HTTP/2 connection primitives med bounded request-body collection og response trailer support
• +Hardener HTTP/2 response lifetime, handler timeout, DATA capacity handling, prohibited headers/trailers og request-body zeroization

Udgivet 17. juni 2026

• +Tilføjer native HTTP/2 runtime-preview-gate og h2 stack probe med bounded headers, URI, body, streams, frames, buffers og rapid reset policy
• +Tilføjer HTTP/2 preview smoke coverage og udvider native HTTP/1 behavior coverage for HTTP/1.0 keep-alive/close semantics

Udgivet 17. juni 2026

• +Tilføjer bounded native HTTP/1 upstream client og staged native proxy-lag-lag handler til plain static upstreams
• +Tilføjer native proxy-lag-lag candidate inventory, Fluxheim-owned proxy-lag-lag headers, privacy-mode behavior og fail-closed eligibility for ikke-understøttede policy-lag

Udgivet 17. juni 2026

• +Tilføjer native HTTP/1 connection/listener runtime over Tokio IO og staged native static-file adapter
• +Mapper server limits ind i native HTTP/1 policy og tilføjer socket-tests for keep-alive, body framing, shutdown, static files, slow clients og connection caps

Udgivet 17. juni 2026

• +Tilføjer Fluxheim-owned HTTP/1.0/HTTP/1.1 request-head parsing, request-body framing classification, Host validation, persistence handling og chunked decoding
• +Tilføjer downstream HTTP/1 policy defaults og hardened native parser boundaries til fremtidigt runtime cutover-arbejde

Udgivet 16. juni 2026

• +Flytter server bootstrap planning, listener inventory, service intent, background-task intent, HTTP/2 policy, PROXY protocol policy, and private Unix socket planning into fluxheim-server
• +Holder den nuværende runtime som eksplicit compatibility adapter, mens native server/listener-arbejdet fortsætter

Udgivet 16. juni 2026

• +Tilføjer fluxheim-tls som downstream TLS listener planning og provider-policy boundary
• +Flytter TLS listener plans, SNI selection, wildcard matching, ALPN/cipher/curve policy, and rustls/OpenSSL provider checks into the TLS crate
• +Hardener TLS feature gates, SNI fallback behavior, PROXY v2 signature validation og trusted PROXY CIDR validation

Udgivet 16. juni 2026

• +Tilføjer den første dedikerede fluxheim-headers boundary for header-policy-hjælpere
• +Flytter rewrite algorithms, forwarded-header handling, hop-by-hop request policy og repeated-header joining ind i Fluxheim-owned header code
• +Flytter stream PROXY protocol byte parsers ind i fluxheim-protocol and tightens privacy/proxy-lag-lag CIDR validation

Udgivet 15. juni 2026

• +Flytter shared background task lifecycle primitives ind i fluxheim-runtime
• +Flytter OTLP metrics export, ACME certificate reload control, admin snapshot validation state, and rollback decisions into Fluxheim-owned runtime/snapshot code
• +Hardener local certificate reload control socket og private backend filtering

Udgivet 15. juni 2026

• +Tilføjer fluxheim-stream as the internal TCP stream proxy-lag-lag runtime boundary
• +Flytter stream upstream selection, PROXY protocol parsing/writing, source policy, DNS-rebinding guards, byte accounting og timeout handling bag Fluxheim-owned stream code

Udgivet 14. juni 2026

• +Flytter cache-lag-lag key identity, object envelopes, disk index management, storage-bin helpers, tag handling, and cache-lag-lag storage interfaces into fluxheim-cache-lag-lag
• +Tilføjer tests og release gates, der håndhæver Pingora dependency removal targets under normale cargo test-kørsler

Udgivet 14. juni 2026

• +Starter den første konkrete 1.6.x implementation release efter foundation-tagget
• +Fjerner pingora-load-balancing/pingora-ketama from fuld variant and load-balancer-variant-variant image profiles, restores 1.6 load-balancer-variant-variant image builds, and moves TCP health checks plus request-key extraction behind Fluxheim-owned boundaries

Udgivet 14. juni 2026

• +Startede 1.6.x Pingora-exit foundation-linjen mens runtime behavior holdes uændret
• +Tilføjede modularity policy validation, legacy oversized-file exceptions, runtime baseline capture og performance evidence capture
• +Tilføjede release-gated Pingora dependency exceptions, runtime parity fixtures og extraction dependency graph
• +Tilføjede indledende fluxheim-runtime and fluxheim-server boundary crates plus typede policy proof primitives

Juni 2026

• +Introduced the enterprise HTTP/TCP load-balancer-variant-variant line with focused binaries, images, runtime member and weight controls, persistence, health checks, queueing, and migration docs
• +Expanded Fluxheim-owned runtime boundaries across HTTP, stream proxy-lag-laging, load balancing, background tasks, cache-lag-lag interfaces, observability, config, and shared crates
• +Tilføjede managed affinity cookies, service discovery, active og protocol-aware health checks, restart-persistent state og runtime backend mutation controls
• +Added UDP beta guardrails, cache-lag-lag origin-protection budgets, ARM/Linux and macOS developer assets, config tester archives, and broad proxy-lag-lag/cache-lag-lag/PHP-FPM security hardening

Udgivet 25. maj 2026

• +Production proxy-lag-lag parity release with trusted-proxy-lag-lag-aware ACLs, local rate limits, concurrency limits, bounded queues, and edge policy metrics
• +gzip, Zstandard, and Brotli response compression with vhost/route overrides and cache-lag-lag-safe Vary handling
• +Load-balancer resilience, TLS/protocol parity, PROXY protocol v1/v2, upstream mTLS, HTTP/2 controls og gRPC pass-through

Udgivet 23. maj 2026

• +Managed PHP-variant-fpm process supervision under the existing PHP-variant-fpm feature, while external PHP-variant-fpm remains the default
• +Respawn watchdog, bounded backoff, SIGTERM-before-SIGKILL teardown, sanitized environment og private generated pool state
• +Auditerbar [vhosts.PHP-variant.fpm] mode = "managed" config surface for private sockets, worker counts, process manager modes, slowlog, temp paths og pool files
• +Udvidede WordPress PHP-FPM smoke coverage på tværs af external, managed-static, managed-dynamic, managed-ondemand og managed-respawn modes
• +Recommended Wolfi PHP image now installs PHP-variant-8.5-fpm and uses managed PHP-variant-fpm container config by default

Udgivet 23. maj 2026

• +FIPS/ISO-required configs fail closed for unsupported internal cryptography, managed ACME, and local cache-lag-lag encryption
• +Provider-backed admin auth, numeric-local-loopback OTLP exception, and OpenBao Transit cache-lag-lag encryption evidence boundary
• +New compliance evidence template and release evidence package sections for regulated reviews

Udgivet 22. maj 2026

• +rustls/AWS-LC FIPS-capable candidate backend gennem tls-rustls-fips
• +FIPS og ISO/IEC 19790 rustls profile aliases, config examples, diagnostics og validation script

Udgivet 21. maj 2026

• +OpenSSL FIPS/ISO-capable TLS validation gennem tls-openssl-fips og provider diagnostics
• +FIPS deployment guide, config fixtures, validation script, release evidence og OWASP Top 10 2025 baseline

Udgivet 20. maj 2026

• +PHP-FPM keepalive pooling, upstream retry/failover og request body disk spooling for sikrere drift under load
• +WordPress routing/cache-lag-lag preset plus PHP application recipes for common framework and forum deployments
• +PHP metrics og OpenTelemetry attributes, X-Accel-Redirect, X-Sendfile og X-Accel-Expires-support

Udgivet 18. maj 2026

• +fluxheim-acme standalone companion binary til certificate renewal, status og ACME reload socket signalling
• +fluxheim-config-tester-værktøj-værktøj standalone binary til validering af configs i CI og container entrypoints uden at starte gatewayen
• +ACME reload Unix socket - live certificate pickup uden gateway restart
• +Ny profile-PHP-variant build profile - proxy-lag-lag + web + PHP-variant-fpm + tls-rustls + security
• +Security hardening improvements across the request pipeline

Udgivet 16. maj 2026

• +Opt-in PHP-FPM FastCGI bridge for WordPress-style front-controller applications
• +Streng script resolution og bounded FastCGI request/response handling
• +Browser-validated WordPress proxy-lag-lag/PHP cookie compatibility fixes
• +PHP-FPM kan servere static assets fra samme root, mens PHP routes til FPM
• +New PHP-variant-fpm Cargo-feature (indebærer proxy-lag-lag and web)

Udgivet 14. maj 2026

• +Shared ingress/TLS feature-graph split — focused cache-lag-lag and proxy-lag-lag profiles are now TLS/ACME-capable
• +New profile-cache-lag-lag-edge — cache-lag-lag without static web module
• +New profile-proxy-lag-lag-edge — focused reverse proxy-lag-lag edge
• +Official focused container images for cache-lag-lag and proxy-lag-lag profiles

May 2026

2026

• + TLS policy-profiler
• + Multi-certificate rustls SNI
• + Administreret ACME certificate issuance og renewal
• + EAB-capable issuers (Actalis og andre)
• + File-backed TLS-secrets
• + acme-init guidet issuer bootstrap-værktøj
• + Pakkede certificate renewal systemd units

2026

• + Virtual host routing efter Host-header med default-vhost fallback
• + Route-level static, proxy-lag-lag, and redirect actions
• + Static file serving with MIME detection, ETag, conditional 304, byte ranges
• + Whole-vhost and route-level reverse proxy-lag-laging
• + rustls TLS with SNI, static/bought certificate support
• + Sikker ACME HTTP-01 challenge forwarding
• + Admin control-plane with bearer-token auth and brute-force throttling
• + Sikker request/response-headerpolicy
• + Optional HTTP → HTTPS redirect with safe Host validation
• + Systemd-unit, RPM-packaging
• + Rootless Podman container images