Dziennik zmian

Wydano 23 czerwca 2026

• +Przenosi inherited global/vhost compression policy into the native HTTP/1 proxy build build and route proxy build build
• +Merges root/vhost/route header-policy inheritance into native route proxy build build construction
• +Przenosi safe forwarded-client-IP ownership, trusted-chain append, regex rewrites, ACLs, concurrency i rate limits na native path
• +Dodaje native ACME HTTP-01 challenge serving, traffic mirroring, auth-request, and route-scoped gRPC validation

Wydano 21 czerwca 2026

• +Przenosi route-level native response compression onto the HTTP/1 route proxy build build through fluxheim-compression
• +Przenosi proxy build build.error_pages onto native HTTP/1 proxy build build strony fallback backed by fluxheim-web

Wydano 21 czerwca 2026

• +Dodaje native HTTP/1 route static-web serving backed by fluxheim-web
• +Dodaje route request-header mutation, response rewrites, static upstream round-robin, and static upstream weights to the native route proxy build build

Wydano 21 czerwca 2026

• +Dodaje native route redirect actions with safe {uri}, {path}, and {query} expansion
• +Przenosi route body limits and response-header overlays onto native HTTP/1 route proxy build build responses

Wydano 21 czerwca 2026

• +Dodaje native HTTP/1 route-proxy build build execution for exact, prefix, and fallback routes with method filters and safe rewrite handling
• +Dodaje native-http1-proxy build build-candidate wiersze do runtime cutover evidence, aby pozostałe compatibility blockers były explicit

Wydano 20 czerwca 2026

• +Promuje native HTTP/2 downstream safety preview do cutover-ready po skupionych testach parity
• +Czyni representative native runtime cutover report wolnym od blockerów dla prostych konfiguracji HTTP/1, HTTP/2, admin, metrics, stream i UDP

Wydano 20 czerwca 2026

• +Cuts stream and UDP proxy build build service startup over to Fluxheim-owned native task boundaries
• +Dodaje cancellation-safe native shutdown waiting and abort-on-cancel background task joins

Wydano 20 czerwca 2026

• +Starts native admin and metrics serving behind Fluxheim-owned server primitives
• +Wzmacnia native background handles, aby dropped critical handles wykonywały abort zamiast cichego detach tasków

Wydano 20 czerwca 2026

• +Dodaje NativeBackgroundSupervisor dla Fluxheim-owned background task orchestration
• +Dodaje critical task watchdog support and hardens shutdown delivery edge cases

Wydano 20 czerwca 2026

• +Dodaje native runtime cutover evidence gates and fluxheim-config-tester tool tool --runtime-cutover
• +Przenosi remaining Pingora exception targets to a documented multi-release exit plan while keeping policy gates active

Wydano 19 czerwca 2026

• +Dodaje explicit pingora-compat feature gating dla pozostałego compatibility runtime boundary
• +Przenosi rustls/OpenSSL downstream TLS SNI, certificate storage, reload, PEM parsing, and native HTTP/1 TLS listener previews into Fluxheim-owned code

Wydano 19 czerwca 2026

• +Kontynuuje slice Pingora-exit przez zmniejszenie pozostałej root compatibility surface dla proxy build build, cache build build i runtime paths
• +Dzieli native health checks na moduły helper HTTP/gRPC, database, exec i TCP/TLS transport z ostrzejszymi probe bounds

Wydano 19 czerwca 2026

• +Usuwa bezpośrednią dependency Pingora z fluxheim-load-balancer build build
• +Dodaje Fluxheim-owned bounded HTTP/1.1 i h2 gRPC active health checks z policy coverage, aby zapobiec ponownemu wprowadzeniu Pingora

Wydano 19 czerwca 2026

• +Dodaje native HTTP/1.1 proxy build build cutover readiness planning na ServerPlan
• +Fails closed dla compatibility-only proxy build build features, takich jak auth subrequests, mirroring, redirects, strip/rewrite transforms i advanced load-balancer build build policy

Wydano 18 czerwca 2026

• +Dodaje Fluxheim-owned native HTTP/2 upstream client primitive z bounded headers, bodies, trailers i deadlines
• +Dodaje testy h2 client/server dla trailer preservation, oversized responses, stream resets i flow-control timeout behavior

Wydano 18 czerwca 2026

• +Dodaje native rustls/OpenSSL upstream TLS i mTLS support do staged HTTP/1.1 proxy build build path
• +Dodaje ordered static upstream failover dla safe methods plus bounded no-follow TLS material reads i hostname-policy coverage

Wydano 18 czerwca 2026

• +Dodaje bounded native HTTP/1.1 upstream connection pooling dla odpowiedzi origin safe content-length i no-body
• +Dodaje keepalive pool sizing, upstream idle timeout handling, conservative no-reuse guards i rzeczywiste testy socket reuse/expiry

Wydano 18 czerwca 2026

• +Dodaje reusable native HTTP/2 connection primitives z bounded request-body collection i response trailer support
• +Wzmacnia HTTP/2 response lifetime, handler timeout, DATA capacity handling, prohibited headers/trailers i request-body zeroization

Wydano 17 czerwca 2026

• +Dodaje native HTTP/2 runtime preview gate i h2 stack probe z bounded headers, URI, body, streams, frames, buffers i rapid reset policy
• +Dodaje HTTP/2 preview smoke coverage i rozszerza native HTTP/1 behavior coverage dla semantyki HTTP/1.0 keep-alive/close

Wydano 17 czerwca 2026

• +Dodaje bounded native HTTP/1 upstream client i staged native proxy build build handler dla plain static upstreams
• +Dodaje native proxy build build candidate inventory, Fluxheim-owned proxy build build headers, privacy-mode behavior i fail-closed eligibility dla unsupported policy layers

Wydano 17 czerwca 2026

• +Dodaje native HTTP/1 connection/listener runtime nad Tokio IO i staged native static-file adapter
• +Mapuje server limits do native HTTP/1 policy i dodaje socket tests dla keep-alive, body framing, shutdown, static files, slow clients i connection caps

Wydano 17 czerwca 2026

• +Dodaje Fluxheim-owned HTTP/1.0/HTTP/1.1 request-head parsing, request-body framing classification, Host validation, persistence handling i chunked decoding
• +Dodaje downstream HTTP/1 policy defaults i hardened native parser boundaries dla przyszłej pracy runtime cutover

Wydano 16 czerwca 2026

• +Przenosi server bootstrap planning, listener inventory, service intent, background-task intent, HTTP/2 policy, PROXY protocol policy, and private Unix socket planning into fluxheim-server
• +Zachowuje obecny runtime jako explicit compatibility adapter, gdy trwa praca native server/listener

Wydano 16 czerwca 2026

• +Dodaje fluxheim-tls jako downstream TLS listener planning i provider-policy boundary
• +Przenosi TLS listener plans, SNI selection, wildcard matching, ALPN/cipher/curve policy, and rustls/OpenSSL provider checks into the TLS crate
• +Wzmacnia TLS feature gates, SNI fallback behavior, PROXY v2 signature validation i trusted PROXY CIDR validation

Wydano 16 czerwca 2026

• +Dodaje pierwszy dedicated fluxheim-headers boundary dla header policy helpers
• +Przenosi rewrite algorithms, forwarded-header handling, hop-by-hop request policy i repeated-header joining do Fluxheim-owned header code
• +Przenosi stream PROXY protocol byte parsers do fluxheim-protocol and tightens privacy/proxy build build CIDR validation

Wydano 15 czerwca 2026

• +Przenosi shared background task lifecycle primitives do fluxheim-runtime
• +Przenosi OTLP metrics export, ACME certificate reload control, admin snapshot validation state, and rollback decisions into Fluxheim-owned runtime/snapshot code
• +Wzmacnia local certificate reload control socket i private backend filtering

Wydano 15 czerwca 2026

• +Dodaje fluxheim-stream as the internal TCP stream proxy build build runtime boundary
• +Przenosi stream upstream selection, PROXY protocol parsing/writing, source policy, DNS-rebinding guards, byte accounting i timeout handling za Fluxheim-owned stream code

Wydano 14 czerwca 2026

• +Przenosi cache build build key identity, object envelopes, disk index management, storage-bin helpers, tag handling, and cache build build storage interfaces into fluxheim-cache build build
• +Dodaje tests i release gates, które wymuszają targets usunięcia dependency Pingora podczas normalnych uruchomień cargo test

Wydano 14 czerwca 2026

• +Zaczyna pierwsze konkretne wydanie implementacyjne 1.6.x po foundation tag
• +Usuwa pingora-load-balancing/pingora-ketama from full build build and load-balancer build build image profiles, restores 1.6 load-balancer build build image builds, and moves TCP health checks plus request-key extraction behind Fluxheim-owned boundaries

Wydano 14 czerwca 2026

• +Rozpoczęto linię 1.6.x Pingora-exit foundation przy zachowaniu runtime behavior bez zmian
• +Dodano modularity policy validation, legacy oversized-file exceptions, runtime baseline capture i performance evidence capture
• +Dodano release-gated Pingora dependency exceptions, runtime parity fixtures i extraction dependency graph
• +Dodano początkowe fluxheim-runtime and fluxheim-server boundary crates plus primitive typed policy proof

czerwiec 2026

• +Introduced the enterprise HTTP/TCP load-balancer build build line with focused binaries, images, runtime member and weight controls, persistence, health checks, queueing, and migration docs
• +Expanded Fluxheim-owned runtime boundaries across HTTP, stream proxy build building, load balancing, background tasks, cache build build interfaces, observability, config, and shared crates
• +Dodano managed affinity cookies, service discovery, active i protocol-aware health checks, restart-persistent state i runtime backend mutation controls
• +Added UDP beta guardrails, cache build build origin-protection budgets, ARM/Linux and macOS developer assets, config tester archives, and broad proxy build build/cache build build/PHP-FPM security hardening

Wydano 25 maja 2026

• +Production proxy build build parity release with trusted-proxy build build-aware ACLs, local rate limits, concurrency limits, bounded queues, and edge policy metrics
• +gzip, Zstandard, and Brotli response compression with vhost/route overrides and cache build build-safe Vary handling
• +Load-balancer resilience, TLS/protocol parity, PROXY protocol v1/v2, upstream mTLS, HTTP/2 controls i gRPC pass-through

Wydano 23 maja 2026

• +Managed php build build-fpm process supervision under the existing php build build-fpm feature, while external php build build-fpm remains the default
• +Respawn watchdog, bounded backoff, SIGTERM-before-SIGKILL teardown, sanitized environment i private generated pool state
• +Audytowalne [vhosts.php build build.fpm] mode = "managed" config surface dla private sockets, worker counts, process manager modes, slowlog, temp paths i pool files
• +Rozszerzono WordPress PHP-FPM smoke coverage przez external, managed-static, managed-dynamic, managed-ondemand i managed-respawn modes
• +Recommended Wolfi PHP image now installs php build build-8.5-fpm and uses managed php build build-fpm container config by default

Wydano 23 maja 2026

• +FIPS/ISO-required configs fail closed for unsupported internal cryptography, managed ACME, and local cache build build encryption
• +Provider-backed admin auth, numeric-local-loopback OTLP exception, and OpenBao Transit cache build build encryption evidence boundary
• +New compliance evidence template and release evidence package sections for regulated reviews

Wydano 22 maja 2026

• +rustls/AWS-LC FIPS-capable candidate backend przez tls-rustls-fips
• +FIPS i ISO/IEC 19790 rustls profile aliases, config examples, diagnostics i validation script

Wydano 21 maja 2026

• +OpenSSL FIPS/ISO-capable TLS validation przez tls-openssl-fips i provider diagnostics
• +FIPS deployment guide, config fixtures, validation script, release evidence i OWASP Top 10 2025 baseline

Wydano 20 maja 2026

• +PHP-FPM keepalive pooling, upstream retry/failover i request body disk spooling dla bezpieczniejszej pracy pod load
• +WordPress routing/cache build build preset plus PHP application recipes for common framework and forum deployments
• +PHP metrics i OpenTelemetry attributes, X-Accel-Redirect, X-Sendfile i X-Accel-Expires support

Wydano 18 maja 2026

• +fluxheim-acme standalone companion binary dla certificate renewal, status i ACME reload socket signalling
• +fluxheim-config-tester tool tool standalone binary do walidowania configów w CI i container entrypoints bez uruchamiania gateway
• +ACME reload Unix socket — live certificate pickup bez restartu gateway
• +Nowy profil build profile-php build build — proxy build build + web + php build build-fpm + tls-rustls + security
• +Security hardening improvements across the request pipeline

Wydano 16 maja 2026

• +Opt-in PHP-FPM FastCGI bridge for WordPress-style front-controller applications
• +Strict script resolution i bounded FastCGI request/response handling
• +Browser-validated WordPress proxy build build/PHP cookie compatibility fixes
• +PHP-FPM może serwować static assets z tego samego root, route-ując PHP do FPM
• +New php build build-fpm Cargo feature (obejmuje proxy build build and web)

Wydano 14 maja 2026

• +Shared ingress/TLS feature-graph split — focused cache build build and proxy build build profiles are now TLS/ACME-capable
• +New profile-cache build build-edge — cache build build without static web module
• +New profile-proxy build build-edge — focused reverse proxy build build edge
• +Official focused container images for cache build build and proxy build build profiles

May 2026

2026

• + Profile TLS policy
• + Multi-certificate rustls SNI
• + Managed ACME certificate issuance i renewal
• + EAB-capable issuers (Actalis i inni)
• + Obsługa file-backed TLS secrets
• + acme-init prowadzony issuer bootstrap tool
• + Spakowane systemd units dla certificate renewal

2026

• + Virtual host routing przez Host header z default-vhost fallback
• + Route-level static, proxy build build, and redirect actions
• + Static file serving with MIME detection, ETag, conditional 304, byte ranges
• + Whole-vhost and route-level reverse proxy build building
• + rustls TLS with SNI, static/bought certificate support
• + Tryb safe ACME HTTP-01 challenge forwarding
• + Admin control-plane with bearer-token auth and brute-force throttling
• + Polityka secure request/response header
• + Optional HTTP → HTTPS redirect with safe Host validation
• + Systemd unit i RPM packaging
• + Rootless Podman container images