Muudatuste logi

Avaldatud 23. juunil 2026

• +Liigutab inherited global/vhost compression policy into the native HTTP/1 proxy edge edge and route proxy edge edge
• +Merges root/vhost/route header-policy inheritance into native route proxy edge edge construction
• +Liigutab safe forwarded-client-IP ownershipi, trusted-chain appendi, regex rewrite'id, ACL-id, concurrency ja rate limitid native pathile
• +Lisab native ACME HTTP-01 challenge serving, traffic mirroring, auth-request, and route-scoped gRPC validation

Avaldatud 21. juunil 2026

• +Liigutab route-level native response compression onto the HTTP/1 route proxy edge edge through fluxheim-compression
• +Liigutab proxy edge edge.error_pages onto native HTTP/1 proxy edge edge fallback-lehed, mille taga on fluxheim-web

Avaldatud 21. juunil 2026

• +Lisab native HTTP/1 route static-web serving backed by fluxheim-web
• +Lisab route request-header mutation, response rewrites, static upstream round-robin, and static upstream weights to the native route proxy edge edge

Avaldatud 21. juunil 2026

• +Lisab native route redirect actions with safe {uri}, {path}, and {query} expansion
• +Liigutab route body limits and response-header overlays onto native HTTP/1 route proxy edge edge responses

Avaldatud 21. juunil 2026

• +Lisab native HTTP/1 route-proxy edge edge execution for exact, prefix, and fallback routes with method filters and safe rewrite handling
• +Lisab native-http1-proxy edge edge-candidate read runtime cutover evidence'i, et allesjäänud compatibility blockerid oleksid selged

Avaldatud 20. juunil 2026

• +Tõstab native HTTP/2 downstream safety preview cutover-ready olekusse pärast fokuseeritud parity teste
• +Muudab representative native runtime cutover reporti blocker-free olekusse lihtsate HTTP/1, HTTP/2, admin, metrics, stream ja UDP konfiguratsioonide jaoks

Avaldatud 20. juunil 2026

• +Cuts stream and UDP proxy edge edge service startup over to Fluxheim-owned native task boundaries
• +Lisab cancellation-safe native shutdown waiting and abort-on-cancel background task joins

Avaldatud 20. juunil 2026

• +Starts native admin and metrics serving behind Fluxheim-owned server primitives
• +Hardenib native background handle'id nii, et dropped critical handle'id abortivad, mitte ei detach'i task'e vaikselt

Avaldatud 20. juunil 2026

• +Lisab NativeBackgroundSupervisor Fluxheimi omatud background task orchestrationi jaoks
• +Lisab critical task watchdog support and hardens shutdown delivery edge cases

Avaldatud 20. juunil 2026

• +Lisab native runtime cutover evidence gates and fluxheim-config tester tööriist --runtime-cutover
• +Liigutab remaining Pingora exception targets to a documented multi-release exit plan while keeping policy gates active

Avaldatud 19. juunil 2026

• +Lisab selge pingora-compat feature gating allesjäänud compatibility runtime boundary jaoks
• +Liigutab rustls/OpenSSL downstream TLS SNI, certificate storage, reload, PEM parsing, and native HTTP/1 TLS listener previews into Fluxheim-owned code

Avaldatud 19. juunil 2026

• +Jätkab Pingora-exit lõiku, vähendades allesjäänud root compatibility pinda proxy edge edge, cache edge edge ja runtime pathidel
• +Jagab native health checkid HTTP/gRPC, database, exec ja TCP/TLS transport helper mooduliteks rangemate probe piiridega

Avaldatud 19. juunil 2026

• +Eemaldab otsese Pingora sõltuvuse moodulist fluxheim-koormusjaotur
• +Lisab Fluxheimi omatud piiratud HTTP/1.1 ja h2 gRPC active health checkid policy katvusega, et vältida Pingora tagasitulekut

Avaldatud 19. juunil 2026

• +Lisab native HTTP/1.1 proxy edge edge cutover readiness plaani kohas ServerPlan
• +Fail-closed compatibility-only proxy edge edge feature'ite jaoks, nagu auth subrequests, mirroring, redirects, strip/rewrite transforms ja advanced koormusjaotur policy

Avaldatud 18. juunil 2026

• +Lisab Fluxheimi omatud native HTTP/2 upstream client primitive'i piiratud headerite, body'de, trailerite ja deadline'idega
• +Lisab h2 client/server testid trailer preservationi, oversized response'ide, stream resetite ja flow-control timeout behaviori jaoks

Avaldatud 18. juunil 2026

• +Lisab native rustls/OpenSSL upstream TLS-i ja mTLS-i staged HTTP/1.1 proxy edge edge pathile
• +Lisab ordered static upstream failoveri safe methodite jaoks ning bounded no-follow TLS material reads ja hostname-policy katvuse

Avaldatud 18. juunil 2026

• +Lisab piiratud native HTTP/1.1 upstream connection poolingu safe content-length ja no-body origin response'ide jaoks
• +Lisab keepalive pool sizingu, upstream idle timeout handlingu, konservatiivsed no-reuse guardid ja päris socket reuse/expiry testid

Avaldatud 18. juunil 2026

• +Lisab taaskasutatavad native HTTP/2 connection primitive'id piiratud request-body collectioni ja response trailer supportiga
• +Hardenib HTTP/2 response lifetime'i, handler timeout'i, DATA capacity handlingu, keelatud headerid/trailerid ja request-body zeroizationi

Avaldatud 17. juunil 2026

• +Lisab native HTTP/2 runtime preview gate'i ja h2 stack probe'i piiratud headerite, URI, body, streamide, frame'ide, bufferite ja rapid reset policyga
• +Lisab HTTP/2 preview smoke coverage'i ja laiendab native HTTP/1 behavior coverage'i HTTP/1.0 keep-alive/close semantikale

Avaldatud 17. juunil 2026

• +Lisab bounded native HTTP/1 upstream clienti ja staged native proxy edge edge handleri plain static upstreamidele
• +Lisab native proxy edge edge candidate inventory, Fluxheimi omatud proxy edge edge headerid, privacy-mode behaviori ja fail-closed eligibility toetamatutele policy kihtidele

Avaldatud 17. juunil 2026

• +Lisab native HTTP/1 connection/listener runtime'i Tokio IO kohal ja staged native static-file adapteri
• +Kaardistab server limits native HTTP/1 policyks ja lisab socket testid keep-alive'i, body framingu, shutdowni, static files'i, slow clientide ja connection caps'i jaoks

Avaldatud 17. juunil 2026

• +Lisab Fluxheimi omatud HTTP/1.0/HTTP/1.1 request-head parsing'u, request-body framing classificationi, Host validationi, persistence handlingu ja chunked decodingu
• +Lisab downstream HTTP/1 policy defaults'id ja hardened native parser boundary'd tulevase runtime cutover töö jaoks

Avaldatud 16. juunil 2026

• +Liigutab server bootstrap planning, listener inventory, service intent, background-task intent, HTTP/2 policy, PROXY protocol policy, and private Unix socket planning into fluxheim-server
• +Hoiab praeguse runtime'i selge compatibility adapterina, kuni native server/listener töö jätkub

Avaldatud 16. juunil 2026

• +Lisab fluxheim-tls downstream TLS listener planningu ja provider-policy boundaryna
• +Liigutab TLS listener plans, SNI selection, wildcard matching, ALPN/cipher/curve policy, and rustls/OpenSSL provider checks into the TLS crate
• +Hardenib TLS feature gate'id, SNI fallback behaviori, PROXY v2 signature validationi ja trusted PROXY CIDR validationi

Avaldatud 16. juunil 2026

• +Lisab esimese eraldi fluxheim-headers boundary header policy helperite jaoks
• +Liigutab rewrite algorithms, forwarded-header handlingu, hop-by-hop request policy ja repeated-header joining'u Fluxheimi omatud header code'i
• +Liigutab stream PROXY protocol byte parserid moodulisse fluxheim-protocol and tightens privacy/proxy edge edge CIDR validation

Avaldatud 15. juunil 2026

• +Liigutab shared background task lifecycle primitive'id moodulisse fluxheim-runtime
• +Liigutab OTLP metrics export, ACME certificate reload control, admin snapshot validation state, and rollback decisions into Fluxheim-owned runtime/snapshot code
• +Hardenib local certificate reload control socketi ja private backend filtering'u

Avaldatud 15. juunil 2026

• +Lisab fluxheim-stream as the internal TCP stream proxy edge edge runtime boundary
• +Liigutab stream upstream selectioni, PROXY protocol parsing/writingu, source policy, DNS-rebinding guardid, byte accountingu ja timeout handlingu Fluxheimi omatud stream code'i taha

Avaldatud 14. juunil 2026

• +Liigutab cache edge edge key identity, object envelopes, disk index management, storage-bin helpers, tag handling, and cache edge edge storage interfaces into fluxheim-cache edge edge
• +Lisab testid ja release gate'id, mis jõustavad Pingora dependency eemaldamise eesmärke tavapäraste cargo test käivituste ajal

Avaldatud 14. juunil 2026

• +Alustab esimest konkreetset 1.6.x implementation release'i pärast foundation tagi
• +Eemaldab pingora-load-balancing/pingora-ketama from täielik build and koormusjaotur image profiles, restores 1.6 koormusjaotur image builds, and moves TCP health checks plus request-key extraction behind Fluxheim-owned boundaries

Avaldatud 14. juunil 2026

• +Alustas 1.6.x Pingora-exit foundation liini, säilitades runtime behaviori muutumatuna
• +Lisati modularity policy validation, legacy oversized-file erandid, runtime baseline capture ja performance evidence capture
• +Lisati release-gated Pingora dependency erandid, runtime parity fixtures ja extraction dependency graph
• +Lisati algne fluxheim-runtime and fluxheim-server boundary crate'id koos typed policy proof primitive'idega

Juuni 2026

• +Introduced the enterprise HTTP/TCP koormusjaotur line with focused binaries, images, runtime member and weight controls, persistence, health checks, queueing, and migration docs
• +Expanded Fluxheim-owned runtime boundaries across HTTP, stream proxy edge edgeing, load balancing, background tasks, cache edge edge interfaces, observability, config, and shared crates
• +Lisati managed affinity cookies, service discovery, active ja protocol-aware health checks, restart-persistent state ning runtime backend mutation controls
• +Added UDP beta guardrails, cache edge edge origin-protection budgets, ARM/Linux and macOS developer assets, config tester archives, and broad proxy edge edge/cache edge edge/PHP-FPM security hardening

Avaldatud 25. mail 2026

• +Production proxy edge edge parity release with trusted-proxy edge edge-aware ACLs, local rate limits, concurrency limits, bounded queues, and edge policy metrics
• +gzip, Zstandard, and Brotli response compression with vhost/route overrides and cache edge edge-safe Vary handling
• +Load-balancer resilience, TLS/protocol parity, PROXY protocol v1/v2, upstream mTLS, HTTP/2 controls ja gRPC pass-through

Avaldatud 23. mail 2026

• +Managed PHP-fpm process supervision under the existing PHP-fpm feature, while external PHP-fpm remains the default
• +Respawn watchdog, bounded backoff, SIGTERM-before-SIGKILL teardown, sanitiseeritud environment ja private generated pool state
• +Auditeeritav [vhosts.PHP.fpm] mode = "managed" config surface private socketite, worker countide, process manager mode'ide, slowlogi, temp pathide ja pool file'ide jaoks
• +Laiendati WordPress PHP-FPM smoke coverage'i external, managed-static, managed-dynamic, managed-ondemand ja managed-respawn mode'idele
• +Recommended Wolfi PHP image now installs PHP-8.5-fpm and uses managed PHP-fpm container config by default

Avaldatud 23. mail 2026

• +FIPS/ISO-required configs fail closed for unsupported internal cryptography, managed ACME, and local cache edge edge encryption
• +Provider-backed admin auth, numeric-local-loopback OTLP exception, and OpenBao Transit cache edge edge encryption evidence boundary
• +New compliance evidence template and release evidence package sections for regulated reviews

Avaldatud 22. mail 2026

• +rustls/AWS-LC FIPS-capable candidate backend läbi tls-rustls-fips
• +FIPS ja ISO/IEC 19790 rustls profile aliasid, config näited, diagnostika ja validation script

Avaldatud 21. mail 2026

• +OpenSSL FIPS/ISO-capable TLS validation mooduli kaudu tls-openssl-fips ja provider diagnostics
• +FIPS deployment guide, config fixtures, validation script, release evidence ja OWASP Top 10 2025 baseline

Avaldatud 20. mail 2026

• +PHP-FPM keepalive pooling, upstream retry/failover ja request body disk spooling turvalisemaks tööks koormuse all
• +WordPress routing/cache edge edge preset plus PHP application recipes for common framework and forum deployments
• +PHP metrics ja OpenTelemetry attributes, X-Accel-Redirect, X-Sendfile ja X-Accel-Expires tugi

Avaldatud 18. mail 2026

• +fluxheim-acme standalone companion binäär sertifikaadi uuendamise, oleku ja ACME reload socket signalling'u jaoks
• +fluxheim-config tester tööriist standalone binäär configide valideerimiseks CI-s ja container entrypointides ilma gatewayd käivitamata
• +ACME reload Unix socket - live certificate pickup ilma gateway restartita
• +Uus profile-PHP build profile - proxy edge edge + web + PHP-fpm + tls-rustls + security
• +Security hardening improvements across the request pipeline

Avaldatud 16. mail 2026

• +Opt-in PHP-FPM FastCGI bridge for WordPress-style front-controller applications
• +Range script resolution ja piiratud FastCGI request/response handling
• +Browser-validated WordPress proxy edge edge/PHP cookie compatibility fixes
• +PHP-FPM saab serveerida static asseteid samast rootist, suunates PHP FPM-i
• +New PHP-fpm Cargo feature (eeldab proxy edge edge and web)

Avaldatud 14. mail 2026

• +Shared ingress/TLS feature-graph split — focused cache edge edge and proxy edge edge profiles are now TLS/ACME-capable
• +New profile-cache edge edge-edge — cache edge edge without static web module
• +New profile-proxy edge edge-edge — focused reverse proxy edge edge edge
• +Official focused container images for cache edge edge and proxy edge edge profiles

May 2026

2026

• + TLS policy profiilid
• + Multi-certificate rustls SNI
• + Hallatud ACME sertifikaadi väljastamine ja uuendamine
• + EAB-capable issuerid (Actalis ja teised)
• + Failipõhised TLS secrets
• + acme-init juhendatud issuer bootstrap tööriist
• + Pakendatud certificate renewal systemd unitid

2026

• + Virtual host routing Host headeri järgi default-vhost fallbackiga
• + Route-level static, proxy edge edge, and redirect actions
• + Static file serving with MIME detection, ETag, conditional 304, byte ranges
• + Whole-vhost and route-level reverse proxy edge edgeing
• + rustls TLS with SNI, static/bought certificate support
• + Turvaline ACME HTTP-01 challenge forwarding
• + Admin control-plane with bearer-token auth and brute-force throttling
• + Turvaline request/response header policy
• + Optional HTTP → HTTPS redirect with safe Host validation
• + Systemd unit ja RPM packaging
• + Rootless Podman container images