# Jetforce Changelog

### v0.3.0

This release brings some major improvements and necessary refactoring of the
jetforce package. Please read the release notes carefully and exercise caution
when upgrading from previous versions of jetforce.

#### For users of the static file server

If you are running jetforce only as a static file & CGI server (i.e. you
are using the command-line and haven't written any custom python applications),
you should not need to make any changes.

There have been some minor updates to the CGI variables, and new CGI variables
have been added with additional TLS information. Check out the README for the
new list.

This package now has third-party python dependencies. If you installed jetforce
through pip, you should already be fine. If you were running the ``jetforce.py``
script directly from the git repository, you will likely either want to switch
to installing from pip (recommended), or set up a virtual environment and run
``python setup.py install``. This will install the dependencies and stick a
``jetforce`` executable into your system path.

#### jetforce-diagnostics

The ``jetforce-diagnostics`` script is no longer included as part of jetforce.
It has been moved to its own repository at
[gemini-diagnostics](https://github.com/michael-lazar/gemini-diagnostics).

#### Code Structure

The underlying TCP server framework has been switched from asyncio+ssl to
twisted+PyOpenSSL. This change was necessary to allow support for self-signed
client certificates. The new framework provides more access to hook into the
OpenSSL library and implement non-standard TLS behavior.

I tried to isolate the framework changes to the ``GeminiServer`` layer. This
means that if you subclassed from the ``JetforceApplication``, you will likely
not need to change anything in your application code. Launching a jetforce
server from inside of python code has been simplified (no more setting up the
asyncio event loop!).

```
server = GeminiServer(app)
server.run()
```

Check out the updated examples in the *examples/* directory for more details.

#### TLS Client Certificates

Jetforce will now accept self-signed and unvalidated client certificates. The
``capath`` and ``cafile`` arguments can still be provided, and will attempt to
validate the certificate using the underlying OpenSSL library. The result
of this validation will be saved in the ``TLS_CLIENT_AUTHORISED`` environment
variable so that each application can decide how it wants to accept/reject the
connection.

In order to facilitate TOFU verification schemes, a fingerprint of the client
certificate is now computed and saved in the ``TLS_CLIENT_HASH`` environment
variable.

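
A sketch of the TOFU decision an application could make from these two variables. This is an added example, not code from jetforce. The pin store, the `identity` argument, the decision labels, and the value encodings of ``TLS_CLIENT_HASH`` and ``TLS_CLIENT_AUTHORISED`` are assumptions; the fingerprint is treated as an opaque string.

```python
import hmac

# Decision labels for this example (hypothetical names, not jetforce's).
NO_CERT, FIRST_USE, MATCH, MISMATCH = "no-cert", "first-use", "match", "mismatch"


def tofu_check(environ, pins, identity):
    """Trust-on-first-use decision for one request.

    environ  -- request environment carrying TLS_CLIENT_HASH
    pins     -- mutable mapping identity -> pinned fingerprint (assumed store)
    identity -- account name the client claims (assumed to come from the app)
    """
    fingerprint = environ.get("TLS_CLIENT_HASH", "")
    if not fingerprint:
        return NO_CERT  # no client certificate was presented
    pinned = pins.get(identity)
    if pinned is None:
        pins[identity] = fingerprint  # first contact: remember this certificate
        return FIRST_USE
    # Constant-time comparison of stored and presented fingerprints.
    if hmac.compare_digest(pinned.encode(), fingerprint.encode()):
        return MATCH
    return MISMATCH  # known identity, different certificate: do not re-pin


def ca_validated(environ):
    """CA validation result, kept separate from the TOFU decision.

    Assumption: the flag arrives as "1"/"True" when validation succeeded.
    """
    return str(environ.get("TLS_CLIENT_AUTHORISED", "")).lower() in ("1", "true")


def demo():
    """Run four constructed requests against an empty pin store."""
    pins = {}
    # Constructed sample values; real fingerprints come from the server.
    first = {"TLS_CLIENT_HASH": "SHA256:constructed-aaaa", "TLS_CLIENT_AUTHORISED": "0"}
    other = {"TLS_CLIENT_HASH": "SHA256:constructed-bbbb", "TLS_CLIENT_AUTHORISED": "0"}
    return [
        tofu_check(first, pins, "alice"),
        tofu_check(first, pins, "alice"),
        tofu_check(other, pins, "alice"),
        tofu_check({}, pins, "alice"),
    ]


if __name__ == "__main__":
    print(demo())
```

A self-signed certificate fails CA validation yet can still be the pinned certificate, which is why the two checks are kept apart.
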
#### Other Changes

- A client certificate can now have an empty ``commonName`` field.
- ``JetforceApplication.route()`` - named capture groups in regex patterns will
  now be passed as keyword arguments to the wrapped function. See
  examples/pagination.py for an example of how to use this feature.
- ``CompositeApplication`` - A class is now included to support
  composing multiple applications behind the same jetforce server. See
  examples/vhost.py for an example of how to use this feature.
- CGI variables - ``SCRIPT_NAME`` and ``PATH_INFO`` have been changed to match
  their intended usage as defined in RFC 3875.
- CGI variables - ``TLS_CIPHER`` and ``TLS_VERSION`` have been added and
  contain information about the established TLS connection.
- Applications can now optionally return ``Deferred`` objects instead of bytes,
  in order to support full-blown asynchronous coroutines.

### v0.2.3 (2020-05-24)

- Fix a security vulnerability that allowed maliciously crafted URLs to break
  out of the root server directory.

### v0.2.2 (2020-03-31)

- Fix a regression in path matching for the static directory application.

### v0.2.1 (2020-03-31)

- A hostname can now be specified in the route pattern, to facilitate running
  multiple vhosts on a single jetforce server.
- Route patterns now use ``re.fullmatch()`` and will no longer trigger on
  partial matches.
- Jetforce will no longer raise an exception when attempting to log dropped
  connections or other malformed requests.
- Added the following CGI variables for client certificates:
  TLS_CLIENT_NOT_BEFORE, TLS_CLIENT_NOT_AFTER, TLS_CLIENT_SERIAL_NUMBER

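
The two routing changes noted in this changelog (full-match route patterns here, and named capture groups passed as keyword arguments in v0.3.0), shown in a small stand-alone dispatcher. This is an added example, not jetforce's routing code. The `Router` class, the sample routes, and the use of `re.match()` to stand in for the earlier partial-match behaviour are assumptions.

```python
import re


class Router:
    """Minimal dispatcher illustrating full-match routing (not jetforce's code)."""

    def __init__(self, full=True):
        # full=False uses prefix matching with re.match() for comparison.
        self.full = full
        self.routes = []

    def route(self, pattern):
        compiled = re.compile(pattern)

        def decorator(func):
            self.routes.append((compiled, func))
            return func

        return decorator

    def dispatch(self, path):
        for compiled, func in self.routes:
            m = compiled.fullmatch(path) if self.full else compiled.match(path)
            if m:
                # Named capture groups become keyword arguments.
                return func(**m.groupdict())
        return "not found"


def build(full):
    """Build a router with two constructed sample routes."""
    router = Router(full=full)

    @router.route(r"/notes/(?P<page>[0-9]+)")
    def notes(page):
        return f"notes page {int(page)}"

    @router.route(r"/status")
    def status():
        return "status"

    return router


if __name__ == "__main__":
    for path in ("/notes/12", "/status-internal/x", "/notes/12abc"):
        print(path, "|", build(True).dispatch(path), "|", build(False).dispatch(path))
```

With prefix matching, a handler written for ``/status`` also answers ``/status-internal/x``; with full matching, each handler only sees paths its pattern describes completely.
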
### v0.2.0 (2020-01-21)

#### Features

- Added support for python 3.8.
- Added a new server diagnostics tool, ``jetforce-diagnostics``.
- Added the ability to bind to IPv6 addresses (if supported by your OS):
  - For IPv4 : ``--host "0.0.0.0"``
  - For IPv6 : ``--host "::"``
  - For IPv4 + IPv6 : ``--host ""``
- Various improvements have been made to the project documentation.

#### Bugfixes

- A URL missing a scheme will now be interpreted as "gemini://".
- A request to the root URL without a trailing slash will now return a
  ``31 PERMANENT REDIRECT``.
- Requests containing an invalid or unparsable URL format will now return a
  status of ``59 BAD REQUEST`` instead of ``50 PERMANENT FAILURE``.
- Files starting with ``~`` will now be included in directory listings.
- Requests containing an incorrect scheme, hostname, or port will now return a
  ``53 PROXY REFUSED`` instead of a ``50 PERMANENT FAILURE``.
- The port number in the URL (if provided) is now validated against the
  server's port number.
- OS errors when attempting to read a file will return a ``51 NOT FOUND``
  status instead of a ``42 CGI Error``. This is a precaution to prevent leaking
  sensitive information about the server's filesystem.
- For security, unhandled exceptions will now display a generic error message
  instead of the plain exception string.

### v0.1.0 (2019-09-22)

- The server will now return a redirect if a directory is requested but the URL
  does not end in a trailing slash. This is intended to reduce duplicate
  selectors and make it easier for clients to resolve relative links.
- Added a ``-V`` / ``--version`` argument to display the version and exit.
- The server now returns an error code of ``50 PERMANENT FAILURE`` by default
  if the URL does not match the server's scheme or hostname.
- Timestamps in log messages are now displayed in the server's local timezone.
  As before, the UTC offset is included as "+HHMM" to avoid ambiguity.

### v0.0.7 (2019-08-30)

- Added support for a primitive version of CGI scripting.
- Added support for TLS client certificate verification.
- The directory index file has been changed from ".gemini" to "index.gmi".
- Files with the ".gemini" extension are now recognized as *text/gemini*.
- Several minor improvements to the internal codebase and API.

### v0.0.6 (2019-08-22)

- Significant refactoring of the base application interface.
- Added built-in support for URL routing based on the request path.
- Added support for accepting input using query strings.
- Files with the ".gmi" extension are now recognized as *text/gemini*.
- Added a new examples/ directory with the following applications
  - A bare bones echo server
  - A guestbook application
  - An HTTP/HTTPS proxy server

### v0.0.5 (2019-08-12)

Updates to conform to the v0.9.1 Gemini specification

- The request line is now expected to be a full URL instead of a PATH.
- Response status codes have been updated to match the new specification.
- The server now requires a "hostname" be specified via a command line argument.
- Request URLs that contain other protocols / hosts are disallowed.
- A simple gemini client, ``jetforce-client``, is now included.